I'm using developer sandbox to make all my api calls.
It's a website built with Laravel 5.2.
All api calls are made with guzzle/guzzle.
I'm trying to automate sending PDF contracts (creating envelopes) using the DocuSign API.
I followed steps from Using the Authorization Code Grant
I had no problem with:
Starting the Authentication Code Grant
Handling the Response
Exchanging the Code for a Token
Getting the User’s Account and Base URI Information
After I get userinfo, there is only one account, so I used that account's base_uri for all subsequent API calls
{base_uri} + "/restapi/v2/accounts/" + {account_id}
In all my subsequent api calls I'm also adding header
Authorization: Bearer eyJ0eX...MrhIddzBAQ
where I'm using access_token that I've got in step Exchanging the Code for a Token
When doing a create envelope api call, or any other api call, using access_token, base_uri and account_id I get
POST https://demo.docusign.net/restapi/v2/accounts/<account_id>/envelopes resulted in a 401 Unauthorized response
What I tried
Test using the access_token in docusign API explorer:
I went to API EXPLORER - create envelope
I used Authenticate using Sandbox Account to authenticate with the access_token that I've got in previous calls to docusign. Same for the account_id.
When I click on SEND REQUEST, I get 401 Unauthorized response again.
When I use Authenticate using Sandbox Account, but this time I click on Get OAuth2 token (that generates new token), and I click on SEND REQUEST, I get success message.
Then I copied this access_token (from Request) into my website to test the api call, and this time it worked. It also worked for all other api calls that I was making to docusign.
So, using access_token that I get after Exchanging the Code for a Token, I get 401 Unauthorized for api calls
When I use access_token that I generated in API explorer, all api calls to docusign work in my website.
What I also tried
Use refresh_token to get new access_token. Still 401
Xdebug, going step by step to make sure that all params/headers are set before api call. They are, and they are the same as api explorer.
Guzzle option debug => true to get more information about the request, and to compare with what's sent in API EXPLORER, and they are basically the same, except the tokens.
Postman to make request to api, (just to eliminate any chance that I have errors in my code), with same behavior:
401 with token that I get from docusign
success when using API EXPLORER generated token
I'm kinda lost on what to do next and how to solve this, I'm sure it's something simple, but I can't seem to locate the problem.
Update
I used Larry K's answer and found that my problem was with the scope value in /oauth/auth call. I changed it to scope=signature%20extended, and everything works perfectly!
When you click the Get OAuth2 token in the API explorer, you are going through the complete Authorization Code Grant flow, including the new token.
Since this works, but the token your app obtained via the OAuth Authorization Code flow doesn't work, this tells me that your app has an issue.
Check:
Logout from DocuSign. Login from your app. Are you transferred to DocuSign to log in correctly? And then redirected to your app?
Are you requesting the "signature" scope in your request? Check spelling and capitalization of the scope name!
When you're redirected to your app, your app receives the authorization code as a query parameter. Do you get it ok?
When you convert your authorization code to a bearer token are you storing the complete bearer token? It is quite long.
When you send your Envelopes::create request, are you including a space between the word Bearer and the token itself?
Are you making your API call to demo.docusign.net (not .com)?
If the above doesn't help, then please update your question (you can edit your question itself) with a trace of your request.
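The checklist above can be turned into preflight checks on the authorize URL and the outgoing API request. This is an added example, not code from the question or the answer; the function names and any sample values passed to them are constructed for illustration.

```javascript
// Added example: preflight checks mirroring the checklist above.
// Function names are hypothetical; nothing here calls DocuSign.
const API_HOST = "demo.docusign.net"; // developer sandbox API host named in the answer

function checkAuthorizeUrl(authorizeUrl) {
  const findings = [];
  // searchParams decodes %20 and + to a space, so "signature%20extended" splits cleanly.
  const scopeParam = new URL(authorizeUrl).searchParams.get("scope") || "";
  const scopes = scopeParam.split(/\s+/).filter(Boolean);
  // Exact, case-sensitive match: "Signature" or "signatures" is reported.
  if (!scopes.includes("signature")) {
    findings.push(`scope "${scopeParam}" does not contain "signature"`);
  }
  return findings;
}

function checkApiRequest(apiUrl, authorizationHeader, tokenFromExchange) {
  const findings = [];
  if (new URL(apiUrl).hostname !== API_HOST) {
    findings.push(`API host is not ${API_HOST}`);
  }
  // Exactly "Bearer", one space, then the token with no whitespace inside it.
  const m = /^Bearer (\S+)$/.exec(authorizationHeader);
  if (!m) {
    findings.push('Authorization header is not "Bearer <token>"');
  } else if (m[1] !== tokenFromExchange) {
    // A strict prefix of the issued token points at truncation in storage.
    const truncated = tokenFromExchange.startsWith(m[1]);
    findings.push(truncated ? "stored token is truncated" : "token differs from the one issued");
  }
  return findings;
}
```

Pass the token exactly as returned by the code exchange as `tokenFromExchange`, and the header your HTTP client is about to send as `authorizationHeader`.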
Related
For many collections in Postman we use authorization with the grant type=Authorization code (to Azure). For requests using the grant type client credentials I'm able to write the prerequest script which acquires the token automatically (if needed) and I would like to have such a script for the authorization code flow too. There are many examples related to basic authorization (user name/password) flow out there, but I haven't found any for the authorization code flow.
Here are the steps I have to do according to the MS docs:
I call POST method to the https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize with all required parameters, as redirect_uri I use https://www.getpostman.com/oauth2/callback
After successful authentication Azure sends the code as url parameter in the callback request to provided redirect_uri. In the browser it looks like this https://www.getpostman.com/oauth2/callback/?code=authorizationCodeGeneratedByAzure
To proceed further I would need now to somehow observe the redirect_uri, to catch the incoming request (the callback from Azure) and somehow grab the code from the request url parameters for further usage in the following request for the token acquisition. And this is what I can't figure out how to do.
So my question is:
How can I get the authorization_code from the url of Azure authentication response sent to redirect_uri after the successful authentication in the Prerequest script?
Hope you are doing it in the authorization_code flow and application as WebApp.
So, for authorization_code flow there are 2 steps to get the access token.
To get the code first from the /authorize end point.
Use that code to get the access token from /token end point.
https://www.getpostman.com/oauth2/callback/?code=authorizationCodeGeneratedByAzure
As you mentioned that you got the code from redirect-uri, you just need to extract this code to pass in token end point along with the client_secret to get the token.
After successful authentication Azure sends the code as url parameter in the callback request to provided redirect_uri.
For further process use that code along with the client_secret for the token acquisition.
Below is the sample view from the Postman.
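The two steps described in the answer above, sketched as an added example that is not part of the original posts. The tenant, client ID and client secret are placeholders supplied by the caller, and the `/oauth2/v2.0/token` path is the token counterpart of the `/authorize` endpoint quoted in the question.

```javascript
// Added example: pull the code out of the redirect, then build the token request.
// Function names are hypothetical; nothing here sends a request.
function extractAuthorizationCode(callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  // On failure the redirect carries error / error_description instead of code.
  if (params.has("error")) {
    const detail = params.get("error_description") || "";
    throw new Error(`authorization failed: ${params.get("error")} ${detail}`.trim());
  }
  const code = params.get("code");
  if (!code) throw new Error("callback URL carries no code parameter");
  return code;
}

function buildTokenRequest({ tenant, clientId, clientSecret, redirectUri, code }) {
  // The token endpoint takes a form-encoded body, not JSON.
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: redirectUri, // must equal the redirect_uri sent to /authorize
    client_id: clientId,
    client_secret: clientSecret,
  });
  return {
    method: "POST",
    url: `https://login.microsoftonline.com/${encodeURIComponent(tenant)}/oauth2/v2.0/token`,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}
```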
I am trying to fetch a ticket using the Azure API, but it's showing "Unable to complete authentication for user due to looping logins" while making an API call. I have passed the proper Authorization header and provided the correct personal access token, base64 encoded (see fig).
I am using GET https://dev.azure.com/{organization}/{project}/_apis/wit/workitems/{id}?api-version=1.0 for making an api call.
link: https://learn.microsoft.com/en-us/rest/api/azure/devops/wit/work-items/get-work-item?view=azure-devops-rest-6.0
Am I missing something? Looking for suggestions.
In Postman, to execute the REST API using a PAT (Personal Access Token) as the authentication, you should set it on the Authorization tab instead of directly on the Headers tab.
My issue is how to configure a custom connector in Power Automate/Power Apps to do a refresh token call with Docusign to keep access tokens valid avoiding users to have to log in a couple of times during the day.
I have been able to make custom connectors for user authentication with Docusign (Oauth2) and sending envelopes for signature etc. So have a good working knowledge of Custom connectors and using these in Power Automate and Power Apps.
I have successfully configured Postman to POST a request to Docusign (Demo site) to refresh the access token (new access token and new refresh token). I am receiving the full json payload back from docusign as follows:
{
"access_token": "eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiNjgxODVmZjEtNGU1MS00Y2U5LWFmMWMtNjg5ODEyMjAzMzE3In0.AQoAAAABAAUABwAAMdMo6AjZSAgAAHH2NisJ2UgCAOid-3Oz8jJHsDvIUG5hRR8VAAEAAAAYAAEAAAAKAAAADQAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4IgAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4MAAACeRizwjZSDcAQQ4yjgnYb0mjVFoiOzvttQ.tJMn4eTF_3sJwUiCugaH-zv9pzu8GrOXOWq0bhvmhrF-WG3scES4KxTtDMd7hmuasap_S_YBAKH-CrFfzY55tJU7tS64TowkX8UJfBJRvdurUrFsJHz4kcIPFm-1XI48XSoJbNK0eb_-U5CG3WVySSZXP-998a0y0TYZtQERaFkJNv6qEsw3Iykl3sDHDFjG9BXK7OrlnK-fkT-wQHbu_IghgnNS_gMI_qXVCNyxE4EJdChfkkLUAjmKt2mNQYhLb7gV1XOwtHgrowyWRXAM1ViXrOuyo60yVatmfo6yKcO9A5Cd_qVSP3owIXAQthkb72nwRP8o6n2ClU2U8Dp-Gw",
"token_type": "Bearer",
"refresh_token": "eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiNjgxODVmZjEtNGU1MS00Y2U5LWFmMWMtNjg5ODEyMjAzMzE3In0.AQoAAAABAAgABwAAMdMo6AjZSAgAALE3IXsg2UgCAOid-3Oz8jJHsDvIUG5hRR8VAAEAAAAYAAEAAAAKAAAADQAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4IgAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4MAAACeRizwjZSDcAQQ4yjgnYb0mjVFoiOzvttQ.c0aUX8xcLBtDN256v4pnkirdeprnygZoRl0-zfpE7qxO3BkHpma5ik0uZS_T5KY6TW89vZOk9TDxT-I20Gh8kgeaK4N7xxmmh772qRPUQo16vc9i4RAsKJxDv4B0f_prH9TWr2j83bxSs_JhlHXnvMdV6vV4hZr5_z640MvLe6L74lNUS8nSLKrUDor0TFlCgzqRLp4GZrDMdgRpZFIfOmshgvgAeLR4oDhLqIPN7Z0FT385B9-KH6yeI9gCt4Ddu2CV2cKbgnnd02XOrNuv1M-IwYjzQ7XMlDsrdL4u5Y9TKnZW2Nia02Xt_IENyZ_TKtAO0ZNEXMg4kMEZqaKypQ",
"expires_in": 28800}
I understand that I can use the new refresh token in this payload in 8 hours to do another refresh etc.
I now want to create a Power Automate flow to run a custom connector that requests the same refresh token every 8 hours. I have done extensive research and have not really seen any options for this (and Power Automate only supports Postman Collections V1 and not V2, so that is not helpful), so I am having to work this out.
Specifically, as I am making a POST REST API call to Docusign, it is not a full Oauth2 call as I am using the refresh token (refresh token not expired). I noted in the Postman example, I had to force session authorization as the Base64 code for the Integration key concatenated with the secret key prefixed by the text "Basic" resulting in an Authorization string as follows:
Basic ZjA5Y2U4NBQtM2U5Yy00NjEzLTkwwzctNGY5MmFhY2Ninja4OmZjYmI3MzhjLTQ0ZWUtNDA3MS040dhiLTViNjEzNGFlMTc30A== (example only)
Using this in the header along with Content-Type, Accept and Scope set to 'extend' in the header and setting grant_type as refresh_token and refresh_token to the actual token value results in a correct response.
While OAuth2 involves full authentication using the integration key and secret key as well as the redirect URL, a refresh token does not need this.
To date, I have tried using the API Key approach to the custom connector and inserted the authorization string as listed above. It appears to accept the authorization string however, I receive an error message of "invalid_grant".
Looking at the request, it appears as follows:
{"Authorization": "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyIsImtpZCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyJ9.eyJhdWQiOiJodHRwczovL2FwaWh1Yi5henVyZS5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC81ZDk1MjJmNi01NjZlLTQ1ZWMtYjFlNC01MjJmOTJiMDU0OTkvIiwiaWF0IjoxNjE5NTI4MTEwLCJuYmYiOjE2MTk1MjgxMTAsImV4cCI6MTYxOTUzMjAxMCwiYWNyIjoiMSIsImFpbyI6IkFVUUF1LzhUQUFBQWJld0ZsaGhET2grSkg3WlFpT1JXd0JoVkg0UXQwMDErWG9ldk45WXBVRHYrTXpIRDlrVUc3U1RqakRlcjl1Y0d2Y2Fvb2wvVURMcEVLakk1bE04bTZ3PT0iLCJhbXIiOlsicHdkIiwibWZhIl0sImFwcGlkIjoiNjIwNGMxZDEtNDcxMi00YzQ2LWE3ZDktM2VkNjNkOTkyNjgyIiwiYXBwaWRhY3IiOiIyIiwiZmFtaWx5X25hbWUiOiJCb3lsZSIsImdpdmVuX25hbWUiOiJSaWNraSIsImlwYWRkciI6IjUwLjgyLjE3Ni4xNjUiLCJuYW1lIjoiQm95bGUsIFJpY2tpIiwib2lkIjoiMGIwNTZiMTQtZGQwOS00ZDA2LTlmYmMtYmRkZTU0ZGZlNDExIiwib25wcmVtX3NpZCI6IlMtMS01LTIxLTM5Mzc2NjAxMDAtMjYyMDEwOTU1OS0yOTY1ODM5MjAxLTY1ODEzIiwicHVpZCI6IjEwMDMyMDAwNDBDMzZCNTYiLCJyaCI6IjAuQVNjQTlpS1ZYVzVXN0VXeDVGSXZrckJVbWRIQkJHSVNSMFpNcDlrLTFqMlpKb0luQUpJLiIsInNjcCI6InVzZXJfaW1wZXJzb25hdGlvbiIsInN1YiI6IlRhZzl5Y3RXLVlwY1NsMjU2bGFJS3EtU2RPYXhMSEpnMWtyVXhiSVhjNkUiLCJ0aWQiOiI1ZDk1MjJmNi01NjZlLTQ1ZWMtYjFlNC01MjJmOTJiMDU0OTkiLCJ1bmlxdWVfbmFtZSI6InJib3lsZUBjaGVuZWdhLmNvbSIsInVwbiI6InJib3lsZUBjaGVuZWdhLmNvbSIsInV0aSI6Ii1aUW1nMEZid2syT3gtQXRWVXNLQVEiLCJ2ZXIiOiIxLjAifQ.luRgs4pprJBM7YjB0W-nJJv-7E2zgxslxzwSR4TBsOLseTN5u7aQT5uadqwoXOKxPksgPIWWkgodsU5Cbfh_2wcM4-FaUa2pLmxLG7nemEbGnzbZ0eJLvRTyZCYDnbeOwAgreHNpNpeFWlOs6Jq79y7ibiyc3xMd2Uzaj0hbEli9mlF_z0MLRjZ5pke3uRlvecuyUz6TXxdCaVB_vbM9Ic7sYLny8cHh715J3SL0mprLmL3esaVaXY6qvq6SxIKQcU0vX9lMjZaK8jAAmJ2fpUrDMlgU8cP5hw1g3mIWvfiJoK8N7a42JxKCXE-WQK-bfmBzg-euH4JFOzv07w_ESw","Content-Type": "application/x-www-form-urlencoded","Accept":"application/json","Scope": "extended"}
The body of the request is as follows:
{ "grant_type": "refresh_token", "refresh_token": "eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiNjgxODVmZjEtNGU1MS00Y2U5LWFmMWMtNjg5ODEyMjAzMzE3In0.AQoAAAABAAgABwAA26qofAnZSAgAAFsPoQ8h2UgCAOid-3Oz8jJHsDvIUG5hRR8VAAEAAAAYAAEAAAAKAAAADQAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4IgAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4MAAACeRizwjZSDcAQQ4yjgnYb0mjVFoiOzvttQ.zbQWTuYN7Jf_3O5n4zLfZ7ykkELBlLwhmUI9pHEPiAsZKJH-RsEQLS4Wb3wP9ni6s9ErbdNGkdc6O6pVTxi4SNkljP3YDEUezMPK4PakMgprZ9an_1c2gIh4lqfLa532djL3s143OPuhtsQITZzyvy3hXYC3dyYFyYljjFLD4p9dC5CprU8Db0Tjx1iBhwNt-lh3C85m92xh6mUyETNCqDF_RoV4jeIJdwDNq7eX_u1TXONchVCV8O66DZZRvI9Ig0PXza7Dm0_neaJ5N5-l0TXsbeAGWu8IqwTGjVWRWjxzsT6IgxcXTynPci9HoNhS7bU4BnlRnuqMbCqAopInjA" }
It appears that it is including the prior/expired access token in the header of the request, where this is not required to use the refresh token. I think my error is occurring as a result of the custom connector not being configured correctly to make this call and including the Bearer access token.
Basic authentication does not work nor does it seem No authentication works as custom connector security configurations.
I am looking for guidance on how to correctly configure the custom connectors in Power Automate/Power Apps to use the authorization code with a refresh token with Docusign to get a new access token without having the user to log in once the access token has expired.
Thank you.
I ended up using the HTTP step in Power Automate to POST the refresh request and returned a body into Power Automate with the new access token and refresh token which I then save in a secure SP list. It is running on a schedule that keeps the tokens current for the application. I have found issues with Custom Connectors, in particular when a connector uses Oauth2, it will 'FAIL' a connection after the user tokens have expired and NOT prompt the user to sign in when using the custom connector again.
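The refresh call from this thread, as an added example that is not the poster's flow or connector definition: it builds the request in the shape the working Postman call used and flags the two ways the connector's request differed from it. The credentials are placeholders, the function names are hypothetical, and `/oauth/token` on account-d.docusign.com is assumed as the sandbox token endpoint.

```javascript
// Added example: refresh request with Basic client credentials, plus a diagnostic.
// TOKEN_URL is an assumption; key, secret and token values are supplied by the caller.
const TOKEN_URL = "https://account-d.docusign.com/oauth/token";

function buildRefreshRequest(integrationKey, secretKey, refreshToken) {
  // "Basic " + base64(integrationKey:secretKey), as described in the question.
  const basic = Buffer.from(`${integrationKey}:${secretKey}`, "utf8").toString("base64");
  return {
    method: "POST",
    url: TOKEN_URL,
    headers: {
      Authorization: `Basic ${basic}`,
      "Content-Type": "application/x-www-form-urlencoded",
      Accept: "application/json",
    },
    body: new URLSearchParams({
      grant_type: "refresh_token",
      refresh_token: refreshToken,
    }).toString(),
  };
}

function diagnoseRefreshRequest(headers, body) {
  const findings = [];
  const auth = headers.Authorization || "";
  if (!/^Basic [A-Za-z0-9+\/]+=*$/.test(auth)) {
    findings.push(`Authorization scheme is "${auth.split(" ")[0]}", expected Basic`);
  }
  // A JSON body parses as one meaningless key here, so grant_type comes back null.
  const form = new URLSearchParams(body);
  if (form.get("grant_type") !== "refresh_token" || !form.get("refresh_token")) {
    findings.push("body is not form-encoded grant_type=refresh_token&refresh_token=...");
  }
  return findings;
}

// When a scheduled flow should refresh: a little before expires_in runs out.
function refreshDueAt(issuedAtMs, expiresInSec, skewSec = 300) {
  return issuedAtMs + (expiresInSec - skewSec) * 1000;
}
```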
getUserInfo within api Explorer dies
We were getting a 401 when attempting to use the REST getUserInfo endpoint. So, we decided to test it using the Docusign provided API explorer. Same error, but it also gives a response of "internal_server_error"
Does that endpoint just not work?
After further testing, we reauthenticated and used a brand new access token, instead of the one re-issued from the refresh token request, and it worked. Not sure if that endpoint is not available after a refresh token has been re-issued?
Note that the host for the method is different than for the other API methods, it's
account-d.docusign.com for the developer sandbox
account.docusign.com for the production platform.
It only works with a bearer token.
The refresh gives you a new bearer token, that should not be an issue.
Docs: https://docs.docusign.com/esign/guide/authentication/userinfo.html
Given an auth token, originally received from Spotify Android/iOS SDK, I want to check with Spotify that the token I am holding is valid. Is there a minimal endpoint for doing this?
Ideally something not data-intensive, as I just want to know if the token is valid. This must be done with Web API and not SDK.
There is no API endpoint for checking whether the access token is still valid. Usually you would store it along with the expires_in value that tells you until when it is valid.
An alternative is making a request to any endpoint from the Web API passing the access token. You will get a 401 Unauthorized status code back if the token has expired.