docusign-esign-ruby-client

Question about authentication in version 3

Open SolomonHD opened this issue 6 years ago • 1 comments

Hi,

How is authentication supposed to work now? I was on the 1.0.2 gem and this code was working:

require 'yaml'

namespace :auth do
  desc 'Check if auth token is expired'
  task check_token: :environment do
    @refresh_token = true
    @access_token_file = ENV['ACCESS_TOKEN_FILE']
    if File.exist? @access_token_file
      # YAML.load deserializes arbitrary Ruby objects, so this file must be trusted
      json_web_token = YAML.load(File.read(@access_token_file))
      expires_at = json_web_token[:expires_at]
      # Reuse the cached client only while the token has at least 5 minutes left
      # (was `Time.now - 300`, which accepted tokens up to 5 minutes past expiry)
      if expires_at >= Time.now + 300
        puts 'Loading JSON Web Token from file'
        @api_client = json_web_token[:access_token]
        @refresh_token = false
      end
    end
  end

  desc 'Load Dotenv config and generate token'
  task get_token: :check_token do
    integration_key = ENV['INTEGRATION_KEY']
    private_key = ENV['RSA_PRIVATE_KEY_FILE']
    api_username = ENV['API_USERNAME']
    api_endpoint = ENV['API_ENDPOINT']
    auth_server = ENV['AUTH_SERVER_URL']
    @account_id = ENV['ACCOUNT_ID']
    if @refresh_token == true
      puts 'Generating new access token'
      configuration = DocuSign_eSign::Configuration.new
      configuration.host = api_endpoint
      @api_client = DocuSign_eSign::ApiClient.new configuration
      # 1.0.2 gem API; expiry is 3600 seconds
      @api_client.configure_jwt_authorization_flow(private_key, auth_server, integration_key, api_username, 3600)
      # Hash.autonew is not core Ruby (app-defined helper); a plain {} works here
      json_web_token = Hash.autonew
      # Note: this stores the whole ApiClient object, not just the token string
      json_web_token[:access_token] = @api_client
      json_web_token[:expires_at] = Time.now + 3600
      File.open(@access_token_file, 'w') { |file| file.write(json_web_token.to_yaml) }
    end
  end
end

But now it seems the configure_jwt_authorization_flow method has been replaced by request_jwt_user_token? But the method seems different and I don't understand what input it's expecting for scope. Can I get an example to work off of, please?

SolomonHD, Oct 18 '19 19:10

The eg-01-ruby-jwt should provide the example code but it hasn't been updated yet. I've filed DEVDOCS-1615.

Re: use request_jwt_user_token? Yes, that's correct.

Meanwhile, here is my suggestion. Notes:

  1. Use the defaults for the scope and expires_in
  2. It is better InfoSec to provide the private key as a string value, vs storing it on disk for the SDK to read. The string must include new line characters and the private key's header/trailer lines.

    # Request JWT User Token
    # @param [String] client_id DocuSign OAuth Client Id(AKA Integrator Key)
    # @param [String] user_id DocuSign user Id to be impersonated
    # @param [String] private_key_or_filename the RSA private key
    # @param [Number] expires_in number of seconds remaining before the JWT assertion is considered as invalid -- Use default
    # @param scopes The list of requested scopes.  Client applications may be scoped to a limited set of system access. -- use default
    # @return [OAuth::OAuthToken]
    token = request_jwt_user_token(client_id, user_id, private_key_or_filename)

LarryKlugerDS, Nov 11 '19 09:11
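
An added example, not code from this issue or from the DocuSign SDK: a file cache that keeps only the access token string and its expiry, instead of serializing the whole ApiClient as in the question, and reads it back with `YAML.safe_load`. `TokenCache`, the `RSA_PRIVATE_KEY` variable name and the `access_token`/`expires_in` readers on the returned token are assumptions.

```ruby
require 'yaml'

# Hypothetical helper (not part of the DocuSign SDK): caches only the
# token string and its expiry, never the ApiClient object or the private key.
class TokenCache
  REFRESH_MARGIN = 300 # seconds; refresh this long before expiry

  def initialize(path, clock: -> { Time.now.to_i })
    @path = path
    @clock = clock
  end

  # Returns the cached token while it is fresh, otherwise yields for a new one.
  # The block must return [access_token_string, expires_in_seconds].
  def fetch
    cached = read_cache
    return cached['access_token'] if cached && cached['expires_at'] - REFRESH_MARGIN > @clock.call

    access_token, expires_in = yield
    write_cache(access_token, @clock.call + Integer(expires_in))
    access_token
  end

  private

  def read_cache
    return nil unless File.exist?(@path)
    # safe_load permits only plain scalars, arrays and hashes, so a tampered
    # cache file cannot instantiate arbitrary Ruby objects.
    data = YAML.safe_load(File.read(@path))
    data.is_a?(Hash) && data['access_token'].is_a?(String) && data['expires_at'].is_a?(Integer) ? data : nil
  rescue Psych::Exception
    nil # unreadable or unsafe cache: treat as missing and re-authenticate
  end

  def write_cache(access_token, expires_at)
    # 0600: owner read/write only (the mode applies when the file is created).
    File.open(@path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
      f.write({ 'access_token' => access_token, 'expires_at' => expires_at }.to_yaml)
    end
  end
end

# Intended use with the call from the answer above, key passed as a string:
#   cache.fetch do
#     t = api_client.request_jwt_user_token(client_id, user_id, ENV['RSA_PRIVATE_KEY'])
#     [t.access_token, t.expires_in]
#   end
```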