I am using Docusign Login information api in a mapping with Informatica Cloud .
The mapping executes successfully with a fault response.The error message in the fault response is as follows.I have tested the same api in postman.I am using Integrator Key provided by Docusign for authentication along with my username and password.The API works perfect in postman.But with Informtica Cloud it gives me following error.
I have created swagger file with username,Password and integrator key as headers for creating the web service in Informatica Cloud.I am using Authentication type as 'Basic' in the connector and in swagger file.Where I am I going wrong with authentication?The Integrator Key or the username and password are valid.
Unauthorized {
"errorCode": "AUTHORIZATION_INVALID_TOKEN",
"message": "The access token provided is expired, revoked or malformed."
}
This question/answer from the Informatica site may be of help.
If the Informatica Cloud connector enables you to pass an X-DocuSign-Authentication header then you can use DocuSign's Legacy authentication.
If not, then you will need to send an Authorization header with value Bearer a_bearer_token
From the Informatica QA, it looks like you will need to create a small application that will use the JWT Grant to create an Access Token, and then return the Access Token to Informatica.
Next, use the Access Token via Informatica to use DocuSign's API.
I'm sure that Informatica Cloud's consultants have come across this issue before, you could also contact them for help.
DocuSign doesn't support Basic Authentication for API calls.
I'm not familiar with Informatica Cloud, are you able to define a custom header so you can properly provide the x-docusign-authentication data block?
Related
I am try to approve the prividedge identity management (PIM) request through graph api but when i try to approve it the api is return forbidden. See the below screenshots
The pending request should be approved.
First, I want to know what API permission you consented for using this graph API, because to be honest, I didn't find this graph API, I only found this document which contained the API request you used.
According to the error message, I'm afraid you gave the wrong api permission or you used client credential flow to generate the access token to call the API. So it's better to provide the request you used to generate access token.
Finally, I found an answer here which successfully call the API but with Powershell script. According to this sample, we should give PrivilegedAccess.Read.AzureAD,RoleAssignmentSchedule.ReadWrite.Directory,PrivilegedAccess.ReadWrite.AzureAD delegated API permission and use it to generate access token. We need to use auth code flow/ROPC flow so that the token generated should contain scp claim with API permissions as value. Then using that token to call the API.
You may try request below to generate the access token for a test:
POST https://login.microsoftonline.com/{TenantId}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded
client_id=azure_ad_app_id_consented_api_permission
&scope=PrivilegedAccess.Read.AzureAD RoleAssignmentSchedule.ReadWrite.Directory PrivilegedAccess.ReadWrite.AzureAD
&username=user_name_better_to_use_account_with_Global_Administrator_role
&password=password
&grant_type=password
I am developing against DocuSign's docusign-esign-java 2.8 SDK and am encountering an error attempting to create an Envelope using the EnvelopesApi.
Here's the specific error I am hitting:
com.docusign.esign.client.ApiException: Error while requesting server, received a non successful HTTP code 400 with response Body: '{
"errorCode": "USER_LACKS_PERMISSIONS",
"message": "This user lacks sufficient permissions to access this resource."
}'
at com.docusign.esign.client.ApiClient.invokeAPI(ApiClient.java:1036) ~[docusign-esign-java-2.8.0.jar:na]
at com.docusign.esign.api.EnvelopesApi.createEnvelope(EnvelopesApi.java:702) ~[docusign-esign-java-2.8.0.jar:na]
at com.docusign.esign.api.EnvelopesApi.createEnvelope(EnvelopesApi.java:652) ~[docusign-esign-java-2.8.0.jar:na]
The client went through DocuSign OAuth Code Flow and granted our Application scope=signature+extended.
Does anyone have any ideas or suggestions on what I could look into?
I feel like this is somehow a DocuSign account configuration issue more than a code issue or an OAuth authorization issue, but I'm not sure where to look.
This can happen because:
There's a mismatch between the accountId in the URL that you are making API calls for (you pass accountId to the API call from the Java SDK) to the account that you used to authenticate (which may be different) when you implemented OAuth.
There's a mismatch between developer and production env. Make sure you use the same env for both authentication and API Call.
The user you authenticated with actually don't have permission to create envelopes. Some users cannot do that.
Account has an option to only allow creation of envelopes from templates.
I would try a new developer account and make sure that you are using the correct account in both the authentication piece and the API calls.
From Azure Data Factory, I'm trying to connect to a REST service that requires an access token (OAuth2).
Tried in Postman with the client credentials flow (client_id/client_secret) and it works fine:
Calling the token endpoint to get an access_token
Use the token in a subsequent request to retrieve data.
I configured the linked service like that as It supposed to support the OAuth2 client credentials flow:
But when testing the connection, it fails with this message:
The request body must contain the following parameter: 'client_secret'.
I don't really understand why the client_secret is not added in the request body as it is a client credentials flow.
Not sure if I'm missing some configuration ?
For the moment, I'm using Web Activity as a workaround.
This error may occurred because Allow public client flows is disabled for the application registered in Azure AD.
Enabling it may fixed the issue.
Refer - https://learn.microsoft.com/en-us/azure/data-factory/parameterize-linked-services?tabs=data-factory
Refer - https://learn.microsoft.com/en-gb/azure/active-directory/develop/scenario-desktop-acquire-token?tabs=python#username-and-password
I created an Api in azure and recently tried to change to authentication method to access it via OAuth2.
I requested a token using https://login.microsoftonline.com/[TENANT]/oauth2/v2.0/token/ and tried to use it to access my api via postman.
Then I tried to use the received token to make a request to my api:
I used Postman's Authorization pane to specify OAuth2.0 as the authentication method and set the Grant Type configuration to "implicit" and sent a request.
Configured like this, the request goes through using the "http" version of my api but as soon as I try to use the "https" version, I get a 401 error "Unauthorized".
Have I configured my api wrong ? Or am I using the wrong url to authenticate ?
Thanks a lot for your time.
After a lot of research I found out what was wrong :
I had to add the application ID in the allowed token audiences of identity provider (in the azure app service, navigate to authentication > locate the identity provider > click on edit > at the bottom of the page add the your app registration's application ID. For good measure I also added api://[APPLICATION ID]/.default and api://[APPLICATION ID]
There was still some authentication code left in the source code of my api. When I was trying to connect I sometime had a response which consisted of HTML titled "Sign in to your account". It was caused by a segment of code in the startup.cs file of my api which verified the user who made the request against my Azure AAD. After removing it I no longer had the error
My issue is how to configure a custom connector in Power Automate/Power Apps to do a refresh token call with Docusign to keep access tokens valid avoiding users to have to log in a couple of times during the day.
I have been able to make custom connectors for user authentication with Docusign (Oauth2) and sending envelopes for signature etc. So have a good working knowledge of Custom connectors and using these in Power Automate and Power Apps.
I have successfully configured Postman to POST a request to Docusign (Demo site) to refresh the access token (new access token and new refresh token). I am receiving the full json payload back from docusign as follows:
{
"access_token": "eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiNjgxODVmZjEtNGU1MS00Y2U5LWFmMWMtNjg5ODEyMjAzMzE3In0.AQoAAAABAAUABwAAMdMo6AjZSAgAAHH2NisJ2UgCAOid-3Oz8jJHsDvIUG5hRR8VAAEAAAAYAAEAAAAKAAAADQAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4IgAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4MAAACeRizwjZSDcAQQ4yjgnYb0mjVFoiOzvttQ.tJMn4eTF_3sJwUiCugaH-zv9pzu8GrOXOWq0bhvmhrF-WG3scES4KxTtDMd7hmuasap_S_YBAKH-CrFfzY55tJU7tS64TowkX8UJfBJRvdurUrFsJHz4kcIPFm-1XI48XSoJbNK0eb_-U5CG3WVySSZXP-998a0y0TYZtQERaFkJNv6qEsw3Iykl3sDHDFjG9BXK7OrlnK-fkT-wQHbu_IghgnNS_gMI_qXVCNyxE4EJdChfkkLUAjmKt2mNQYhLb7gV1XOwtHgrowyWRXAM1ViXrOuyo60yVatmfo6yKcO9A5Cd_qVSP3owIXAQthkb72nwRP8o6n2ClU2U8Dp-Gw",
"token_type": "Bearer",
"refresh_token": "eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiNjgxODVmZjEtNGU1MS00Y2U5LWFmMWMtNjg5ODEyMjAzMzE3In0.AQoAAAABAAgABwAAMdMo6AjZSAgAALE3IXsg2UgCAOid-3Oz8jJHsDvIUG5hRR8VAAEAAAAYAAEAAAAKAAAADQAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4IgAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4MAAACeRizwjZSDcAQQ4yjgnYb0mjVFoiOzvttQ.c0aUX8xcLBtDN256v4pnkirdeprnygZoRl0-zfpE7qxO3BkHpma5ik0uZS_T5KY6TW89vZOk9TDxT-I20Gh8kgeaK4N7xxmmh772qRPUQo16vc9i4RAsKJxDv4B0f_prH9TWr2j83bxSs_JhlHXnvMdV6vV4hZr5_z640MvLe6L74lNUS8nSLKrUDor0TFlCgzqRLp4GZrDMdgRpZFIfOmshgvgAeLR4oDhLqIPN7Z0FT385B9-KH6yeI9gCt4Ddu2CV2cKbgnnd02XOrNuv1M-IwYjzQ7XMlDsrdL4u5Y9TKnZW2Nia02Xt_IENyZ_TKtAO0ZNEXMg4kMEZqaKypQ",
"expires_in": 28800}
I understand that I can use the new refresh token in this payload in 8 hours to do another refresh etc.
I now want to create a Power Automate flow to run a custom connector that requests the same refresh token every 8 hours. I have done extensive research and not really see any options for this (and that Power Automate only supports Postman Collections V1 and not V2 so that is not helpful) so am having to work this out.
Specifically, as I am making a POST REST API call to Docusign, it is not a full Oauth2 call as I am using the refresh token (refresh token not expired). I noted in the Postman example, I had to force session authorization as the Base64 code for the Integration key concatenated with the secret key prefixed by the text "Basic" resulting in an Authorization string as follows:
Basic ZjA5Y2U4NBQtM2U5Yy00NjEzLTkwwzctNGY5MmFhY2Ninja4OmZjYmI3MzhjLTQ0ZWUtNDA3MS040dhiLTViNjEzNGFlMTc30A== (example only)
Using this in the header along with Content-Type, Accept and Scope set to 'extend' in the header and setting grant_type as refresh_token and refresh_token to the actual token value results in a correct response.
While Oauth2 involves full authentication using the integration key and secret key as well as the redirect URL, A refresh token does not need this.
To date, I have tried using the API Key approach to the custom connector and inserted the authorization string as listed above. It appears to accept the authorization string however, I receive an error message of "invalid_grant".
Looking at the request, it appears as follows:
{"Authorization": "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyIsImtpZCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyJ9.eyJhdWQiOiJodHRwczovL2FwaWh1Yi5henVyZS5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC81ZDk1MjJmNi01NjZlLTQ1ZWMtYjFlNC01MjJmOTJiMDU0OTkvIiwiaWF0IjoxNjE5NTI4MTEwLCJuYmYiOjE2MTk1MjgxMTAsImV4cCI6MTYxOTUzMjAxMCwiYWNyIjoiMSIsImFpbyI6IkFVUUF1LzhUQUFBQWJld0ZsaGhET2grSkg3WlFpT1JXd0JoVkg0UXQwMDErWG9ldk45WXBVRHYrTXpIRDlrVUc3U1RqakRlcjl1Y0d2Y2Fvb2wvVURMcEVLakk1bE04bTZ3PT0iLCJhbXIiOlsicHdkIiwibWZhIl0sImFwcGlkIjoiNjIwNGMxZDEtNDcxMi00YzQ2LWE3ZDktM2VkNjNkOTkyNjgyIiwiYXBwaWRhY3IiOiIyIiwiZmFtaWx5X25hbWUiOiJCb3lsZSIsImdpdmVuX25hbWUiOiJSaWNraSIsImlwYWRkciI6IjUwLjgyLjE3Ni4xNjUiLCJuYW1lIjoiQm95bGUsIFJpY2tpIiwib2lkIjoiMGIwNTZiMTQtZGQwOS00ZDA2LTlmYmMtYmRkZTU0ZGZlNDExIiwib25wcmVtX3NpZCI6IlMtMS01LTIxLTM5Mzc2NjAxMDAtMjYyMDEwOTU1OS0yOTY1ODM5MjAxLTY1ODEzIiwicHVpZCI6IjEwMDMyMDAwNDBDMzZCNTYiLCJyaCI6IjAuQVNjQTlpS1ZYVzVXN0VXeDVGSXZrckJVbWRIQkJHSVNSMFpNcDlrLTFqMlpKb0luQUpJLiIsInNjcCI6InVzZXJfaW1wZXJzb25hdGlvbiIsInN1YiI6IlRhZzl5Y3RXLVlwY1NsMjU2bGFJS3EtU2RPYXhMSEpnMWtyVXhiSVhjNkUiLCJ0aWQiOiI1ZDk1MjJmNi01NjZlLTQ1ZWMtYjFlNC01MjJmOTJiMDU0OTkiLCJ1bmlxdWVfbmFtZSI6InJib3lsZUBjaGVuZWdhLmNvbSIsInVwbiI6InJib3lsZUBjaGVuZWdhLmNvbSIsInV0aSI6Ii1aUW1nMEZid2syT3gtQXRWVXNLQVEiLCJ2ZXIiOiIxLjAifQ.luRgs4pprJBM7YjB0W-nJJv-7E2zgxslxzwSR4TBsOLseTN5u7aQT5uadqwoXOKxPksgPIWWkgodsU5Cbfh_2wcM4-FaUa2pLmxLG7nemEbGnzbZ0eJLvRTyZCYDnbeOwAgreHNpNpeFWlOs6Jq79y7ibiyc3xMd2Uzaj0hbEli9mlF_z0MLRjZ5pke3uRlvecuyUz6TXxdCaVB_vbM9Ic7sYLny8cHh715J3SL0mprLmL3esaVaXY6qvq6SxIKQcU0vX9lMjZaK8jAAmJ2fpUrDMlgU8cP5hw1g3mIWvfiJoK8N7a42JxKCXE-WQK-bfmBzg-euH4JFOzv07w_ESw","Content-Type": "application/x-www-form-urlencoded","Accept":"application/json","Scope": "extended"}
The body of the request is as follows:
{ "grant_type": "refresh_token", "refresh_token": "eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiNjgxODVmZjEtNGU1MS00Y2U5LWFmMWMtNjg5ODEyMjAzMzE3In0.AQoAAAABAAgABwAA26qofAnZSAgAAFsPoQ8h2UgCAOid-3Oz8jJHsDvIUG5hRR8VAAEAAAAYAAEAAAAKAAAADQAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4IgAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4MAAACeRizwjZSDcAQQ4yjgnYb0mjVFoiOzvttQ.zbQWTuYN7Jf_3O5n4zLfZ7ykkELBlLwhmUI9pHEPiAsZKJH-RsEQLS4Wb3wP9ni6s9ErbdNGkdc6O6pVTxi4SNkljP3YDEUezMPK4PakMgprZ9an_1c2gIh4lqfLa532djL3s143OPuhtsQITZzyvy3hXYC3dyYFyYljjFLD4p9dC5CprU8Db0Tjx1iBhwNt-lh3C85m92xh6mUyETNCqDF_RoV4jeIJdwDNq7eX_u1TXONchVCV8O66DZZRvI9Ig0PXza7Dm0_neaJ5N5-l0TXsbeAGWu8IqwTGjVWRWjxzsT6IgxcXTynPci9HoNhS7bU4BnlRnuqMbCqAopInjA" }
It appears that it is including the prior/expired access token in header of the request where this is not required to using the refresh token. I think my error is occurring as a result of the custom connector not configured correctly to make this call and including the Bearer access token.
Basic authentication does not work nor does it seem No authentication works as custom connector security configurations.
I am looking for guidance on how to correctly configure the custom connectors in Power Automate/Power Apps to use the authorization code with a refresh token with Docusign to get a new access token without having the user to log in once the access token has expired.
Thank you.
I ended up using the HTTP step in Power Automate to POST the refresh request and returned a body into Power Automate with the new access token and refresh token which I then save in a secure SP list. It is running on a schedule that keeps the tokens current for the application. I have found issues with Custom Connectors, in particular when a connector uses Oauth2, it will 'FAIL' a connection after the user tokens have expired and NOT prompt the user to sign in when using the custom connector again.