Consent Require Error while requesting JWT access code #118
Comments
|
Please see my comment on issue 111 Items to check:
|
|
Hi Larry, |
|
I have repeated the revocation and granting permission steps multiple times. Its still giving me the same error. This is crazy!! |
|
If the first sandbox was create awhile ago, it might have been set up with the wrong settings. |
|
Closing this issue since the answer has been provided. Please comment if you feel the issue should be re-opened. Thank you. |
|
I am also having this issue. I have worked with tech support to get the Organization Admin feature enabled, and have gone through the process of connecting the app and granting "impersonation" - still, I'm getting issues when simply trying to request an access token using the Node SDK apiClient requestJWTUserToken method. I'm getting a 400 Bad Request - which doesn't even bubble up a useful error message even if I add a callback function as a parameter. It's only through drilling down into the API code in the Promise error callback that I see the body stating - "consent_required" error. Please advise.. so far integrating with the SDK has been clunky, and is a huge turn off. Also - there seems to be some inconsistency (at least it appears that way), in what the SDK uses and the API Explorer tool
|
|
Hi @tapaz1 , Thank you for your message. You're raising a number of issues, let's see if I can help:
Since your JWT grant flow is asking for both
The latest version of the Java SDK is supposed to make the error code more accessible. Are you using the current version? Thank you.
Yes, that's because you're using the JWT grant flow via the SDK and the API Explorer is using the Authorization Code grant flow. |
|
Hey @LarryKlugerDS - thanks for the quick reply, I really appreciate it. Here is a screenshot of the admin permissions I've already granted - to no avail. Am I missing something? Please feel free to reach out to my directly to trouble shoot easier. Not sure you do screen sharing or anything like that. My email is on my profile page. Also to your other question - I'm using the latest version (think it's 5.2) of the NodeJS SDK - docusign-esign Thanks
Lastly, maybe my use case might be helpful to help steer me in a good direction. I'm trying to do the following:
Hope that helps |
|
Hi, Also, within the JWT grant request itself, you need to request Lastly, for this type use case where your software just needs to impersonate a single user in the system--in this case a "system user" such as "Billing_dept@example.com", it may be easiest to use individual consent. Here's how: To use individual consent:
|
|
Hi @LarryKlugerDS, I have not done the email domain match (I don't recall seeing that in the docs). Do you have details on how to do this? Per my previous post, I included a screenshot showing that I have already given the And the suggestion for individual consent is not a possible solution for us. Our application will be 100% automated, and used by external users. We simply want the authentication and handshake to happen programmatically so no one (us or the user) has to do anything other than visit a page, and see the contract to the begin the signing ceremony. Thanks |
|
Hi, The section is To prove ownership of a domain. The document implies that claiming a domain means using SSO. This is not true (the guide is being updated). The reality is that using SSO requires that a domain be claimed, and using administrative consent with an integration key also requires that a domain be claimed. But Administrative consent for an integration key does not require SSO. Also note that you need to grant Re individual consent: sorry, I wasn't clear. Because your signers are external users, they do not have logins on DocuSign. -- Yes, this is standard and understood. So you are using JWT to impersonate a specific DocuSign user in your account. That user will create the envelopes that your external signers will sign. That user is colloquially referred to as a "system user." For example, "finance@your-company.com". You can use individual grant, one time, for finance@your-company.com to grant consent to your integration key. Once that's done, your web site app will be able to use JWT to obtain an access token for the finance@your-company.com user, create envelopes, and enable your web site visitors to sign them. |
|
Hello, @LarryKlugerDS, If we have multiple DocuSign accounts in different datacenters like in EU and AU- then can we still claim domain? from the documentation I can see - one DocuSign organization -one domain What can we do in such scenarios? Do we have a workaround for granting consent on behalf of users from admin? |
|
I will need to check. The issue is the separate DocuSign datacenters. You can also try it and report what happens. Here are the steps:
|
|
Hello, @LarryKlugerDS |
|
Our product development group has confirmed that an organization can include accounts from multiple DocuSign sites. No, I wouldn't use the external apps flow for your own integration keys |
|
Hello @LarryKlugerDS, We do have admin enabled in demo account and for testing the JWT token auth- if we claim our domain from that account, will that in any way impact prod account? Just wanted to be sure before trying this one out |
|
Good question. The good news is that claiming an email domain for use by demo.docusign.net is entirely separate from claiming it for a production DocuSign account. (And I’ve asked to have this made more specific in the documentation.)
Test away!
Regards,
Larry
|
|
Thanks Larry :) |
|
Yes, see the docs:
|
|
I saw these docs. But when I log in as admin on the main account and when I go inside the organization - it does not show link administered account option. The user is administrator with all permission. Also clicked on Link account - but it did not show any other account from different DocuSign sites. it was only showing accounts from this DocuSign site. So not sure what exactly am i missing here. |
|
Are you sure that you have the org administration feature for your production accounts? As a next step, you'll need to call/write our customer support group for help. Unfortunately I don't have the skills or access to help further with org questions. |
|
Hi @LarryKlugerDS, I am currently building an application using Java SDK and my call to apiClient.requestJWTUserToke has been successful in dev's account. We are about to go live and already linked our dev's account to prod's account, changed the endpoints and etc but when I test it i am getting a consent_required error. I watched one of your youtube videos and you noted there that I need to have an admin account so we purchased one and just waiting it to appear on my dashboard. Is that all we need for us to go on live? |
|
Hi Jay, if you are having trouble with the consent_required error, I suggest:
If you don't get through to developer support, then add a comment with your case id and I'll ask the team to contact you. |
I am working with DocuSign Sandbox to test the JWT authentication. I have setup everything that is mentioned in the DocuSign JWT document. I provided the user consent as well. But when I am trying to get the access token using postman I am still getting "Consent_required" error. Tried user consent URL multiple times but since I have already granted the permission the consent page doesn't show up. I am not understanding where exactly the issue is. Why even after giving "signature impersonation" consent I am still getting error. This is for individual consent.
The text was updated successfully, but these errors were encountered: