Friday, August 26, 2022

[FIXED] How to request for an extended scope refresh token in docusign while refreshing access token

      ,      No comments   

Issue

I have included the 'extended' scope while generating the authorization URI for oauth code grant flow, but while refreshing the access token, in the response I am getting the scope as 'signature'. How to get the refresh token with extended scope when refreshing the access token. I have attached my code to get the access token from refresh token.

        auth_string = "{0}:{1}".format(
            DOCUSIGN_CLIENT_ID, DOCUSIGN_CLIENT_SECRET
        )
        auth_encoded_hash = b64encode(auth_string.encode("utf-8"))
        auth_header = auth_encoded_hash.decode("utf-8")

 
        url = "https://account-d.docusign.com/oauth/token"

        headers = {
            "Authorization": "Basic {0}".format(auth_header),
            "Content-Type": "application/x-www-form-urlencoded",
        }

        body = {"grant_type": "refresh_token", "refresh_token": refresh_token}
        _response = requests.post(url, data=body, headers=headers)
        response = _response.json() # here I am getting scope as 'signature'

My second follow up question on this, if the refresh token itself get expires while refreshing the access token what would be the error message I will be getting in the response above?


Solution

The refresh operation request does not include scopes. The refresh operation response may include the scopes that were previously requested.

Here is the refresh operation:

curl --location --request POST 'https://account-d.docusign.com/oauth/token' \
--header 'Authorization: Basic 'NWYxZTg4…………...TJkOGI2Yg==' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'refresh_token=eyJ0eX…………...Dp_hA' \
--data-urlencode 'grant_type=refresh_token'

If the refresh operation succeeds, then the response contains a new access token and a new refresh token.

Next, throw away the old refresh token and use the newly received refresh token until the next time.

In other words:

  • the first refresh API call uses the refresh token returned by the Authorization Code grant flow
  • then each subsequent refresh API call uses the refresh token returned by the prior refresh API call

Blog post about using refresh tokens



Answered By - Larry K
Answer Checked By - Willingham (PHPFixing Volunteer)

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...