Docusign Access Token

[riza-khan]

I want to hit Docusign's API via Kulala:

### definition of template

GET {{DOCUSIGN_BASE_URL}}/v2.1/accounts/{{DOCUSIGN_ACCOUNT_ID}}/templates
Accept: application/json
Authorization: Bearer {{$auth.token("docusign")}}

This video helped me setup Kulala.

My docusign config looks like this in Kulala:

        "docusign": {
          "Acquire Automatically": false,
          "Auth URL": "https://account-d.docusign.com/oauth/auth",
          "Client ID": "0...",
          "Client Secret": "5....",
          "Expires In": 4000,
          "Grant Type": "Authorization Code",
          "PKCE": true,
          "JWT": {
            "header": {
              "alg": "RS256",
              "typ": "JWT"
            },
            "payload": {
              "exp": 4000,
              "iss": "0..",
              "sub": "d..",
              "aud": "account-d.docusign.com",
              "scope": "signature impersonation"
            }
          },
          "Redirect URL": "https://www.google.com/",
          "Scope": "signature impersonation",
          "Type": "JWT",
          "Token URL": "https://account-d.docusign.com/oauth/token"
        },

I'm able to get the code from the browser:

When I enter it in Kulala it doesn't then reach out to the Token URL (https://account-d.docusign.com/oauth/token) to retrieve the access_token.

Should it or is that a manual step?

I did try the manual step but it fails:

### access_token

POST https://account-d.docusign.com/oauth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: Basic {{DOCUSIGN_INTEGRATION_KEY}}:{{DOCUSIGN_CLIENT_SECRET}}

grant_type=authorization_code&code=eyJ0eX

Error:

{
  "error": "invalid_request",
  "error_description": "code verifier required"
}

[riza-khan]

And I'm not sure if it is relevant here but getting this error as well:

Error in coroutine: ...cal/share/nvim/lazy/kulala.nvim/lua/kulala/cmd/oauth.lua:71: attempt to concatenate field 'error_description' (a nil value)

[YaroSpace]

When I enter it in Kulala it doesn't then reach out to the Token URL (https://account-d.docusign.com/oauth/token) to retrieve the access_token.

It certainly should. How do you know it does not reach out to the Token URL? Are you getting any messages?

It fails with the manual step, because the request for the access token should contain fields: client_id, code, grant_type and PKCE code_verifier. (The Authorization header should not be required usually, unless it is Docusign's specifics)

The Error in coroutine is a bug, will fix it and it might be affecting the flow.

Let me push a fix and I will also add some logging to the intermediary auth requests, so we can see what is happening during the token request.

Btw, it you put localhost or 127.0.0.1 in the Redirect URL, Kulala should acquire the code from the browser automatically.

[YaroSpace]

Pushed an update to develop.
Set debug = true in Kulala options and tell me what messages you get.

[YaroSpace]

Hmm, it works for me.

[riza-khan]

Can you share you config? Perhaps I've added something I shouldn't have

"docusign": {
          "Acquire Automatically": false,
          "Auth URL": "https://account-d.docusign.com/oauth/auth",
          "Client ID": "04..9e",
          "Client Secret": "5f..8d2",
          "Expires In": 4000,
          "Grant Type": "Authorization Code",
          "Client Credentials": "basic",
          "PKCE": true,
          "Redirect URL": "https://google.com",
          "Scope": "signature impersonation",
          "Token URL": "https://account-d.docusign.com/oauth/token"
        },

[YaroSpace]

    "Security": {
      "Auth": {
        "Docusign": {
          "Acquire Automatically": true,
          "Auth URL": "https://account-d.docusign.com/oauth/auth",
          "Client Credentials": "basic",
          "Client ID": "513e2fb6-66f8-447d-810b-10f3484bf30e",
          "Client Secret": "9560cbe2-8840-457b-88cb-12f1854cd669",
          "Custom Request Parameters": {
            "login_hint": {
              "Use": "In Auth Request",
              "Value": "[email protected]"
            },
            "state": {
              "Use": "In Auth Request",
              "Value": "state"
            }
          },
          "Grant Type": "Authorization Code",
          "Redirect URL": "http://127.0.0.1",
          "Revoke URL": "",
          "Scope": "signature",
          "Token URL": "https://account-d.docusign.com/oauth/token",
          "Type": "OAuth2",
          "Use ID Token": false
        },

Url: https://account-d.docusign.com/oauth/token
Payload: client_id=513e2fb6-66f8-447d-810b-10f3484bf30e&code=eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiNjgxODVmZjEtNGU1MS00Y2U5LWFmMWMtNjg5ODEyMjAzMzE3In0.AQoAAAABAAYABwAAKba8YsXdSAgAALU8BGPF3UgCAOmpdXo6rvVKkb7TqdxSqyUVAAEAAAAYAAEAAAAFAAAADQAkAAAANTEzZTJmYjYtNjZmOC00NDdkLTgxMGItMTBmMzQ4NGJmMzBlIgAkAAAANTEzZTJmYjYtNjZmOC00NDdkLTgxMGItMTBmMzQ4NGJmMzBlNwCAzsZZ5sAhTaiJuu_I1QIIMACAuU9SX8XdSA.y_SjTsBp4Uft2m5MNpt3yr1FW6vUWzyeIGU-t1UHyXj8tw8A7YIgawsqLf_y6WFh6EAzexkXzBBMPYWwG6UyVPZBBrrEJx5BdXhXnE-sBfbDAwfWCyQU3gMu6aoP4YoLVURaCvAj6QlOHgZ_Ajnlbj0SMaj_PIvVthU94PMYk8JlzXXHLgIaWLh9du4mNqxmGe8DcssZHfepcagGLywdjf7kd2brA-xP6G9s5p-QSPDbqNF0yEeA1YLMNUPsGnKlIss19bOXdngSgzmZHz0cCdSHnhyCE-jFxdW72UvQ2ZubjFehqglJ-82N3CB6N-ldr3s_tPhbL1NuCyE66sfCrA&redirect_uri=http://127.0.0.1&grant_type=authorization_code&client_secret=9560cbe2-8840-457b-88cb-12f1854cd669
Headers: Authorization: Basic NTEzZTJmYjYtNjZmOC00NDdkLTgxMGItMTBmMzQ4NGJmMzBlOjk1NjBjYmUyLTg4NDAtNDU3Yi04OGNiLTEyZjE4NTRjZDY2OQ

[YaroSpace]

Try switching off PKCE

[YaroSpace]

I will have a look why PKCE fails.

[riza-khan]

Got it @YaroSpace

Again many thanks... amazing truly.

[riza-khan]

I will have a look why PKCE fails.

I switched it off in the Docusign Admin and it started to work.

[YaroSpace]

Glad to help! Always fun 😄

[YaroSpace]

If you come over to https://discord.gg/QyVQmfY4Rt, we can try debugging it in real time.

[riza-khan]

Meetings all morning but will absolutely do.

Might as well, I spend most of my time on your work :D