Docusign Error: Unauthorized on production server - node.js

I have an application that uses the DocuSign API (the NodeJS SDK, specifically) and got everything working perfectly on the demo sandbox. The Docusign people certified the app for production.
I followed the "Go Live" documentation and changed the endpoint from https://demo.docusign.net/restapi to https://www.docusign.net/restapi in my apiClient.setBasePath(), however, I'm getting a USER_AUTHENTICATION_FAILED error.
The username and password have been set to the same as on the demo sandbox, so I know they are correct. Also the IntegratorKey is the same as the demo sandbox, and after they certified the app, I can now see it in my production account.
Here is a pastebin of the error
Any assistance would be greatly appreciated!

This is most likely a baseUrl issue, you should be parsing the baseUrl that is returned in the login API and using that as the base for subsequent API requests in production.
In your developer sandbox (ie demo) environment all URLs start with "https://demo.docusign.net/" which is why all your test calls work in demo, in the live production system the account URL will vary based on user and which data center their live production account resides on.
You need to parse the baseUrl value that is returned from the Authentication:login API and use that as the base for subsequent DocuSign API requests, or use the base_uri value if using OAuth.

Related

There are no redirect URIs registered with DocuSign

We went live with DocuSign integration a while back. In the development, we're able to authenticate the DocuSign credentials of the user and then they're able to send documents for eSign.
After going live, our customers trying to authenticate their DocuSign credentials on our app are getting URI not present error.
Any idea where we're going wrong.
You need to configure the key again in the production environment.
These URIs are not copied over for you even after you went live.

I'm getting a redirect_uri_mismatch when deploying my Node.js app to Heroku using Google OAuth2

I'm tasked with making a server using Node.js which will read emails from a Google account and parse the content from those emails into data we can store in a database. I'm using Google's googleapis package (v103.0.0) in NPM to authenticate/authorize with whichever account we'd like to use.
The issue comes when we try to switch accounts and have the user re-auth. During development on a local machine, the Auth process works as expected:
The client requests an Auth URL.
The server generates a new Auth URL and sends it back to the client.
The client redirects to that URL and the Google Consent Screen is shown.
The client is asked to choose between logged-in Google accounts.
The client authorizes the application and is redirected back to the server with a code.
The server uses the code to generate/save a token, which allows it to use the Gmail API.
However, after deploying to Heroku, the Google Consent Screen no longer allows the user to select an account. Instead, at step 3, it shows this message. In just about every other question related to this error, there's always additional information below the error code/message, but nothing's there for me. I made sure: (1) the domain I'm using in Heroku is verified on the Google Cloud Console, and (2) the redirect_uri within the Node.js application is passing the correct domain to the Auth URL, even while in production.
I can't provide the URL for privacy reasons, but let me know if there's any source code or Cloud Console info I should include.
It didn't take long after posting this question, but I realized I was using an incorrect OAuth 2.0 Client ID type. I was attempting to use "Desktop" when I should've been using "Web application" instead. Take a look at this image to see the difference.
When you select "Web application", you're given some new options: Authorized JavaScript origins, and Authorized redirect URIs. This is where you need to fill out the allowed URIs. Here's a sample of what that should look like.

Does Docusign Basic API support Oauth JWT grant?

I have built an integration with the Docusign API, but am unable to successfully complete the JWT auth flow with our production account.
Everything works fine in our sandbox account - I went through all the steps described in the docs (https://developers.docusign.com/esign-rest-api/guides/authentication/oauth2-jsonwebtoken),
and successfully promoted the integration key to our production account.
However, with the production account, running through the same code to initiate the JWT results in a 400 Bad Request error, with no additional information about the nature of the failure. I've double checked that we are using the correct oauth base domain (what Docusign calls aud) and that RSA keys and redirect URLs are correctly
configured for the production account.
I've also gone through all of the "go live" steps, except for one which mentions migrating users, since it doesn't seem
like this functionality is available on our production account dashboard. On the sandbox account, which has all enterprise features enabled,
the sidebar has a section for "Users and Groups" but there is no such section on our production account.
I'm wondering if the root of the problem is that our production account, which is the Basic API level account, doesn't have adequate permissions
to support the use case I'm building for.
Unfortunately I can't get a straight answer from either account reps or tech support folks as to whether this is true.
are you trying to use the same RSA key you used in Sandbox in Production by any chance?
Also, did you actually get your IK certified and active in production?

How to auth from production nodejs server to get token for google spreadsheets API

i've implemented Google Spreadsheets API in an nodejs server, on localhost first time it asked to go to some specific url and copy token, i did this and everything was fine.
But on PROD, i see that it asks for the same thing, but i can't do that for PROD server ( i mean that i can't open console like on local machine and insert that code generated by google ).
So, what can i do? How can i make it works for PROD server.
P.S i've already tried with API keys, but it expects OAuth 2 access token.
I'm not sure what you mean. Could you post some code?
Generally when using the Google SDK in Node, you have the standard developer token, and you get a user access token from the user's Google account - whether that's you or anyone else. You can set those in your environment such as a .env file or in your app's settings on something like Heroku. There's no need for a console.

apiClient.ConfigureJwtAuthorizationFlow, return a OAuthToken in localhost but null in test enviroment

We are testing the use of Docusign, within the approval flow of a business application.
We are using the OAuth solution for Service integrations, the JWT (JSON Web Token) flow.
When I call the apiClient.ConfigureJwtAuthorizationFlow method in the aplication hosted in IIS Localhost, I obtain the OAuthToken and can send envelopes.
But when I deploy the solution on the Test server, with the same userId, integratorKey and privateKey, the call to apiClient.ConfigureJwtAuthorizationFlow method return null.
I did:
https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation&client_id=XXXXXXXXXXXX&redirect_uri=https://www.docusign.com
Do you have any idea how to fix this? What's the matter?
Have you tried using the C# .Net Core or C# .Net Framework examples? See if one of those examples work on your Test server. If they do, the problem is in your code. If they don't then they are the first issue to be solved.
As you say, there should be no difference in where you run your application.
The usual issues to be checked for a test server: Firewall rules, DNS configuration, SSL root certificate store, etc.
Also, the url you gave is used for manually granting consent. It is only needed once per user (on demo). You only use that URL once to grant consent. After that, the JWT token can be used to get an access token which impersonates the user.

Resources