Consent Required Error When Using RequestJWTUserToken

Question

I'm trying to use the DocuSign Rest API to retrieve a completed envelope. When I call RequestJWTUserToken, I get an error that user consent is required. I have the Organization Administration enabled and my application authorized with permissions "extended impersonation signature" (I've tried each individually and get the same error so added all in hopes that this gives me access to everything). I'm using a user who is also an admin.

My understanding from reading the Obtaining Consent documentation is that by using "admin consent for internal applications" and authorizing my application, this grants consent on behalf of all users and I don't need any user interaction. What am I doing wrong?

List<string> scope = new List<string>();
scope.Add(OAuth.Scope_EXTENDED);
scope.Add(OAuth.Scope_SIGNATURE);
scope.Add(OAuth.Scope_IMPERSONATION);


_AccessToken = _ApiClient.RequestJWTUserToken(client_id, "3c524db3-2971-4ed3-80af-45646b52ca5b", OAuth.Demo_OAuth_BasePath, privateKeyBytes, 4, scope);

Answer 1

Admin Consent works if all below conditions are met:

• As an Org Admin, you have successfully claimed your email domain in DocuSign (this can be done using Domain Tile)
• The users for whom you want to create an AccessToken also belong to same email domain which you have claimed in DocuSign
• Added interested scopes "impersonation signature" for your IntegratorKey using Application Tile, extended scope is of no use in JWT scenario.

If you have done all above three steps, then you should be able to generate AccessToken for a user with JWT using Admin Consent.