ApiClient.getAuthorizationUri returns an opaque URI

docusign / docusign-esign-java-client

The Official Docusign Java Client Library used to interact with the eSignature REST API. Send, sign, and approve documents using this client.

https://javadoc.io/doc/com.docusign/docusign-esign-java/latest/index.html

MIT License

105 stars 96 forks source link

ApiClient.getAuthorizationUri returns an opaque URI #208

Closed pblanchardie closed 2 years ago

pblanchardie commented 2 years ago

Using ApiClient.getAuthorizationUri((String clientId, java.util.List<String> scopes, String redirectUri, String responseType, String state) produces an opaque URI, which is unusable as it misses //

Sample result: https:account-d.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation&client_id=myid&redirect_uri=http%3A%2F%2Flocalhost%3A8080

It should begin with https://

LarryKlugerDS commented 2 years ago

That method is obsolete and planned to be removed in a future version of the SDK.

You should implement Authorization Code grant using a library for the web framework that you've decided to use. Because Authorization Code grant necessarily involves the web server (for sending the redirect, storing and then later using the state value, receiving the incoming auth code, etc), you need an OAuth library for your framework.

The JWT grant methods in the SDK will remain since they do not involve the user or browsers.