R_M_R

Reputation: 53

How to request an extended-scope refresh token in DocuSign while refreshing the access token

I have included the 'extended' scope while generating the authorization URI for the OAuth code grant flow, but while refreshing the access token, I am getting the scope as 'signature' in the response. How do I get the refresh token with the extended scope when refreshing the access token? I have attached my code to get the access token from the refresh token.

    from base64 import b64encode

    import requests

    # DOCUSIGN_CLIENT_ID, DOCUSIGN_CLIENT_SECRET and refresh_token are set elsewhere.
    # Build the HTTP Basic credential from the integration key and secret.
    auth_string = "{0}:{1}".format(
        DOCUSIGN_CLIENT_ID, DOCUSIGN_CLIENT_SECRET
    )
    auth_encoded_hash = b64encode(auth_string.encode("utf-8"))
    auth_header = auth_encoded_hash.decode("utf-8")

    url = "https://account-d.docusign.com/oauth/token"

    headers = {
        "Authorization": "Basic {0}".format(auth_header),
        "Content-Type": "application/x-www-form-urlencoded",
    }

    body = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    _response = requests.post(url, data=body, headers=headers)
    response = _response.json()  # here I am getting scope as 'signature'

My second follow-up question on this: if the refresh token itself expires while refreshing the access token, what error message will I get in the response above?

Upvotes: 0

Views: 860

Answers (2)

Larry K

Reputation: 49114

The refresh operation request does not include scopes. The refresh operation response may include the scopes that were previously requested.

Here is the refresh operation:

    curl --location --request POST 'https://account-d.docusign.com/oauth/token' \
    --header 'Authorization: Basic NWYxZTg4…………...TJkOGI2Yg==' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'refresh_token=eyJ0eX…………...Dp_hA' \
    --data-urlencode 'grant_type=refresh_token'

If the refresh operation succeeds, then the response contains a new access token and a new refresh token.

Next, throw away the old refresh token and use the newly received refresh token until the next time.

In other words:

  • the first refresh API call uses the refresh token returned by the Authorization Code grant flow
  • then each subsequent refresh API call uses the refresh token returned by the prior refresh API call

Blog post about using refresh tokens

Upvotes: 0

Inbar Gazit

Reputation: 14015

The "extended" scope is needed when you originally consent and get the token from the user so that the refresh token will not expire for 30 days. It is not needed every time you use said refresh token to obtain a new access token.

An expired token will typically get an invalid grant error, but the error is subject to change; you should handle all errors and not look for a particular error string.

See "Which is the error returned when a DocuSign refresh token is expired?" for a similar question/answer.

Upvotes: 1
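
The two answers combined, as an added example that is not part of the original posts and is not DocuSign's code: the refresh request sends no scope, the stored refresh token is replaced by the one in each successful response, and failures are classified by HTTP status, not by matching an error string. The names `store`, `refresh_tokens`, `http_post` and both exception classes are hypothetical, and treating every 4xx status as "consent must be repeated" is an assumption of this sketch.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://account-d.docusign.com/oauth/token"  # demo host used on this page


class TokenEndpointError(Exception):
    """Refresh failed for a reason that may be transient; retry later."""


class ReauthorizationRequired(TokenEndpointError):
    """Refresh token rejected; repeat the Authorization Code grant."""


def http_post(url, headers, form):
    """Default transport: POST a form, return (status, parsed JSON or {})."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data, headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        try:
            return err.code, json.load(err)
        except ValueError:
            return err.code, {}


def refresh_tokens(store, client_id, client_secret, post=http_post):
    """Rotate store['refresh_token'] and return the new access token."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    # No scope parameter: scopes were fixed when the user consented.
    form = {"grant_type": "refresh_token", "refresh_token": store["refresh_token"]}
    status, body = post(TOKEN_URL, headers, form)
    if status == 200 and "access_token" in body and "refresh_token" in body:
        store["refresh_token"] = body["refresh_token"]  # old token is discarded
        return body["access_token"]
    # Assumption: any 4xx means re-consent. The error string is diagnostic only.
    detail = f"HTTP {status} error={body.get('error')!r}"
    if 400 <= status < 500:
        raise ReauthorizationRequired(detail)
    raise TokenEndpointError(detail)
```

Pass a persistent mapping as `store` so the rotated refresh token survives a restart; the `post` parameter exists so the function can be exercised without network access.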
