docusign / docusign-esign-ruby-client

The Official DocuSign Ruby Library used to interact with the eSign REST API. Send, sign, and approve documents using this client.
MIT License

Question about authentication in version 3 #27

Open SolomonHD opened 4 years ago

SolomonHD commented 4 years ago

Hi,

How is authentication supposed to work now? I was on the 1.0.2 gem and this code was working:

    require 'yaml'

    namespace :auth do
      desc 'Check if auth token is expired'
      task check_token: :environment do
        @refresh_token = true
        @access_token_file = ENV['ACCESS_TOKEN_FILE']
        if File.exist? @access_token_file
          json_web_token = YAML.load(File.read(@access_token_file))
          expires_at = json_web_token[:expires_at]
          # Reuse the cached client only if the token has at least 5 minutes left
          if expires_at >= Time.now + 300
            puts 'Loading JSON Web Token from file'
            @api_client = json_web_token[:access_token]
            @refresh_token = false
          end
        end
      end

      desc 'Load Dotenv config and generate token'
      task get_token: :check_token do
        integration_key = ENV['INTEGRATION_KEY']
        private_key = ENV['RSA_PRIVATE_KEY_FILE']
        api_username = ENV['API_USERNAME']
        api_endpoint = ENV['API_ENDPOINT']
        auth_server = ENV['AUTH_SERVER_URL']
        @account_id = ENV['ACCOUNT_ID']
        if @refresh_token == true
          puts 'Generating new access token'
          configuration = DocuSign_eSign::Configuration.new
          configuration.host = api_endpoint
          @api_client = DocuSign_eSign::ApiClient.new configuration
          @api_client.configure_jwt_authorization_flow(private_key, auth_server, integration_key, api_username, 3600)
          # Cache the configured client together with its expiry time
          json_web_token = Hash.autonew
          json_web_token[:access_token] = @api_client
          json_web_token[:expires_at] = Time.now + 3600
          File.open(@access_token_file, 'w') { |file| file.write(json_web_token.to_yaml) }
        end
      end
    end

But now it seems the configure_jwt_authorization_flow method has been replaced by request_jwt_user_token? But the method seems different and I don't understand what input it's expecting for scope. Can I get an example to work off of, please?

LarryKlugerDS commented 4 years ago

The eg-01-ruby-jwt should provide the example code, but it hasn't been updated yet. I've filed DEVDOCS-1615.

Re: use request_jwt_user_token? Yes, that's correct.

Meanwhile, here is my suggestion. Notes:

  1. Use the defaults for the scope and expires_in
  2. It is better InfoSec to provide the private key as a string value, vs storing it on disk for the SDK to read. The string must include new line characters and the private key's header/trailer lines.
    # Request JWT User Token
    # @param [String] client_id DocuSign OAuth Client Id(AKA Integrator Key)
    # @param [String] user_id DocuSign user Id to be impersonated
    # @param [String] private_key_or_filename the RSA private key
    # @param [Number] expires_in number of seconds remaining before the JWT assertion is considered as invalid -- Use default
    # @param scopes The list of requested scopes.  Client applications may be scoped to a limited set of system access. -- use default
    # @return [OAuth::OAuthToken]
    token = request_jwt_user_token(client_id, user_id, private_key_or_filename)
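
Added example, not part of the thread or the SDK: one way to check a private key supplied as a string (newlines plus header/trailer lines, as note 2 requires) and to cache only the token string and its expiry with a five-minute refresh margin. `private_key_from_string`, `TokenCache` and the JSON file layout are assumptions made for illustration; the block given to `fetch` is where the caller would invoke `request_jwt_user_token` and return the token string and its lifetime in seconds.

```ruby
require 'json'
require 'openssl'
require 'time'

# Assumed helper: turn an env-var value into the PEM string the SDK is given.
# Secret stores often flatten newlines to a literal "\n"; restore them, then
# check the header/trailer lines and let OpenSSL parse the key body.
def private_key_from_string(value)
  pem = value.to_s.gsub('\n', "\n").strip + "\n"
  unless pem.match?(/\A-----BEGIN (RSA )?PRIVATE KEY-----\n.+\n-----END (RSA )?PRIVATE KEY-----\n\z/m)
    raise ArgumentError, 'private key must include its BEGIN/END lines and newlines'
  end
  OpenSSL::PKey::RSA.new(pem) # raises if the body is not a valid RSA key
  pem
end

# Assumed cache: keeps only the bearer token string and its expiry, as JSON
# (no serialized Ruby objects), in a file readable by its owner only.
class TokenCache
  def initialize(path, margin: 300)
    @path = path
    @margin = margin
  end

  # Cached token, or nil when missing, corrupt, or within @margin s of expiry.
  def read(now: Time.now)
    data = JSON.parse(File.read(@path))
    expires_at = Time.iso8601(data.fetch('expires_at'))
    expires_at >= now + @margin ? data.fetch('access_token') : nil
  rescue Errno::ENOENT, JSON::ParserError, KeyError, TypeError, ArgumentError
    nil
  end

  def write(access_token, expires_in, now: Time.now)
    body = JSON.generate('access_token' => access_token,
                         'expires_at' => (now + expires_in).utc.iso8601)
    File.open(@path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) { |f| f.write(body) }
    File.chmod(0o600, @path) # also tighten a file that already existed
    access_token
  end

  # Yields only when a new token is needed; the block returns [token, expires_in].
  def fetch(now: Time.now)
    cached = read(now: now)
    return cached if cached
    token, expires_in = yield
    write(token, expires_in, now: now)
  end
end
```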