Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question about authentication in version 3 #27

Open
SolomonHD opened this issue Oct 18, 2019 · 1 comment
Open

Question about authentication in version 3 #27

SolomonHD opened this issue Oct 18, 2019 · 1 comment
Labels
DEVDOCS-1615 question responded

Comments

@SolomonHD
Copy link

Hi,

How is authentication supposed to work now? I was on the 1.0.2 gem and this code was working:

namespace :auth do
  desc 'Check if auth token is expired'
  task check_token: :environment do
    @refresh_token = true
    @access_token_file = ENV['ACCESS_TOKEN_FILE']
    if File.exist? @access_token_file
      json_web_token = YAML.load(File.read(@access_token_file))
      expires_at = json_web_token[:expires_at]
      if expires_at >= Time.now - 300
        puts 'Loading JSON Web Token from file'
        @api_client = json_web_token[:access_token]
        @refresh_token = false
      end
    end
  end

  desc 'Load Dotenv config and generate token'
  task get_token: :check_token do
    integration_key = ENV['INTEGRATION_KEY']
    private_key = ENV['RSA_PRIVATE_KEY_FILE']
    api_username = ENV['API_USERNAME']
    api_endpoint = ENV['API_ENDPOINT']
    auth_server = ENV['AUTH_SERVER_URL']
    @account_id = ENV['ACCOUNT_ID']
    if @refresh_token == true
      puts 'Generating new access token'
      configuration = DocuSign_eSign::Configuration.new
      configuration.host = api_endpoint
      @api_client = DocuSign_eSign::ApiClient.new configuration
      @api_client.configure_jwt_authorization_flow(private_key, auth_server, integration_key, api_username, 3600)
      json_web_token = Hash.autonew
      json_web_token[:access_token] = @api_client
      json_web_token[:expires_at ] = Time.now + 3600
      File.open(@access_token_file, 'w') { |file| file.write(json_web_token.to_yaml) }
    end
  end

But now it seems the configure_jwt_authorization_flow method has been replaced by request_jwt_user_token? But the method seems different and I don't understand what input it's expecting for scope. Can I get an example to work of off please.
@LarryKlugerDS
Copy link
Contributor

LarryKlugerDS commented Nov 11, 2019
edited
Loading

The eg-01-ruby-jwt should provide the example code but it hasn't been updated yet. I've filed DEVDOCS-1615

Re: use request_jwt_user_token? Yes, that's correct.

Meanwhile, here is my suggestion.
Notes:

  1. Use the defaults for the scope and expires_in
  2. It is better InfoSec to provide the private key as a string value, vs storing it on disk for the SDK to read. The string must include new line characters and the private key's header/trailer lines.
    # Request JWT User Token
    # @param [String] client_id DocuSign OAuth Client Id(AKA Integrator Key)
    # @param [String] user_id DocuSign user Id to be impersonated
    # @param [String] private_key_or_filename the RSA private key
    # @param [Number] expires_in number of seconds remaining before the JWT assertion is considered as invalid -- Use default
    # @param scopes The list of requested scopes.  Client applications may be scoped to a limited set of system access. -- use default
    # @return [OAuth::OAuthToken]
    token = request_jwt_user_token(client_id, user_id, private_key_or_filename)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
DEVDOCS-1615 question responded
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gsnavin @SolomonHD @LarryKlugerDS