Reputation: 425
Docusign Authentication
I have just started reading up docusign and have to implement it in my project using PHP. The requirement being, once user accepts the offer, he is directed to the document for signing. I understood the template and envelop creation but am stuck at the first step of authorization. I used the Legacy Header Authentication which is easy and works. But they are discouraging using this method anymore. So what to do instead of this? Thanks in advance.
Upvotes: 0
Views: 597
Answers (2)
Reputation: 9
I tried "rolling my own" JWT authentication, but gave up. I have found that Chilkat (chilkatsoft.com) works well:
Function Authenticate(SenderEmail2 As String) As Boolean
'MsgBox("AuthToDocuSign.Authenticate()") 'IHF 04/28/22
Authenticate = False
Dim oauth2 As New Chilkat.OAuth2
Dim success As Boolean
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 Or SecurityProtocolType.Tls Or SecurityProtocolType.Tls11 Or SecurityProtocolType.Tls12 'IHF 05/01/22
' This should be the port in the localhost Redirect URI for your app defined in the Docusign developer portal.
' The Redirect URI would look like "http://localhost:3017/" if the port number is 3017.
oauth2.ListenPort = 8080
' For developer sandbox environment, authorization endpoint is https://account-d.docusign.com/oauth/auth
' For production platform, authorization endpoint is https://account.docusign.com/oauth/auth
oauth2.AuthorizationEndpoint = "https://account.docusign.com/oauth/auth"
oauth2.TokenEndpoint = "https://account.docusign.com/oauth/token"
oauth2.ClientId = "c55048e7-fae1-4ad1-b223-258fce040f57" 'PROD. Also known as Integration Key
' This is your secret key for the authorization code grant.
oauth2.ClientSecret = "f1ddad37-a731-44b1-9679-e7f4268ec4a2" 'PROD. Also known as Secret Key [Fix 04/28/22] ?
oauth2.Scope = "signature"
'oauth2.Scope = "signature impersonation" 'IHF 02/14/22
oauth2.RedirectAllowHtml = "<html><head><meta http-equiv='refresh' content='0;url=https://app.docusign.com'></head><body>Thank you for allowing access.</body></html>" 'PROD. appdemo.docusign.com in DEV
' Begin the OAuth2 three-legged flow. This returns a URL that should be loaded in a browser.
Dim url As String = oauth2.StartAuth()
If (oauth2.LastMethodSuccess <> True) Then
Debug.WriteLine(oauth2.LastErrorText)
Exit Function
End If
ServicePointManager.Expect100Continue = True 'IHF 02/28/22
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 'IHF 02/28/22
Process.Start("C:\Program Files\Internet Explorer\iexplore.exe", url)
' Now wait for the authorization.
' We'll wait for a max of 30 seconds.
Dim numMsWaited As Integer = 0
While (numMsWaited < 30000) And (oauth2.AuthFlowState < 3)
oauth2.SleepMs(100)
numMsWaited = numMsWaited + 100
End While
' If there was no response from the browser within 30 seconds, then
' the AuthFlowState will be equal to 1 or 2.
' 1: Waiting for Redirect. The OAuth2 background thread is waiting to receive the redirect HTTP request from the browser.
' 2: Waiting for Final Response. The OAuth2 background thread is waiting for the final access token response.
' In that case, cancel the background task started in the call to StartAuth.
If (oauth2.AuthFlowState < 3) Then
oauth2.Cancel()
Debug.WriteLine("No response from the browser!")
Exit Function
End If
' Check the AuthFlowState to see if authorization was granted, denied, or if some error occurred
' The possible AuthFlowState values are: 3: Completed with Success. 4: Completed with Access Denied. 5: Failed Prior to Completion.
If (oauth2.AuthFlowState = 5) Then
Debug.WriteLine("OAuth2 failed to complete.")
Debug.WriteLine(oauth2.FailureInfo)
Exit Function
End If
If (oauth2.AuthFlowState = 4) Then
Debug.WriteLine("OAuth2 authorization was denied.")
Debug.WriteLine(oauth2.AccessTokenResponse)
Exit Function
End If
If (oauth2.AuthFlowState <> 3) Then
Debug.WriteLine("Unexpected AuthFlowState:" & oauth2.AuthFlowState)
Exit Function
End If
Debug.WriteLine("OAuth2 authorization granted!")
Debug.WriteLine("Access Token = " & oauth2.AccessToken)
accessToken = oauth2.AccessToken 'IHF 02/14/22
' Get the full JSON response:
Dim json As New Chilkat.JsonObject
json.Load(oauth2.AccessTokenResponse)
json.EmitCompact = False
Debug.WriteLine(json.Emit())
' Save the JSON to a file for future requests.
Dim fac As New Chilkat.FileAccess
fac.WriteEntireTextFile("qa_data/tokens/docusign.json", json.Emit(), "utf-8", False)
Authenticate = success
End Function 'IHF 04/28/22
Upvotes: 0
Reputation: 49114
Is your application used to send out the request for signing?
If so, then the user of your application should probably have their own account on DocuSign. You should use OAuth authorization code grant to let your app's user login and send out the signing request.
For example, an employee uses your app to send out offer letters. In this case, your employee would authenticate himself to DocuSign via your app using OAuth Authorization Code Grant.
Or is the user of your application the signer who will be agreeing to something via DocuSign? If so then your app needs to create an envelope to be signed by the signer. Since the user of your application in this case is not a member of your company/organization, you need your app to impersonate someone who is a member of your org.
In this case, your app can use JWT authentication with impersonation to act on behalf of someone.
For example, your application is used by potential new employees to agree to the offered employment contract. In this case, the user of your app (the new employee) doesn't have a DocuSign login. So your app impersonates (using the JWT flow) an HR person in your company. Your app then, on behalf of the HR person, enables the new employee to sign the offer letter or generate new letter that will be sent for signing via DocuSign.
If JWT authentication fits your user case, we have a code example for PHP. See https://github.com/docusign/eg-01-php-jwt
We also have an Authorization code grant example for PHP.
Upvotes: 1