我正在使用https://github.com/docusign/docusign-python-client(docusign python SDK)中的示例。尽管通过使用下面的oauth_login_url给出的URL登录来授予访问权限,但后续的" api_client.configure_jwt_authorization_flow"电话总是会导致“同意收到”'错误。使用右重定向URI和密钥对(其中我使用私钥作为private_key_filename)设置相应的集成器密钥。请注意,该帐户尚未与任何组织相关联。我还没有。但我希望这个基本流程可以正常工作。知道什么可能导致这个错误吗?
oauth_login_url = api_client.get_jwt_uri(integrator_key, redirect_uri, oauth_base_url)
print(oauth_login_url)
https://account-d.docusign.com/oauth/auth?response_type=code&client_id=<integrator_key>&scope=signature%2Bimpersonation&redirect_uri=https%3A%2F%2Fwww.docusign.com%2Fapi
integrator_key = "<My INTEGRATOR_KEY1 from Docusign>"
redirect_uri = "https://www.docusign.com/api" <== same as in the Integrator Key
oauth_base_url = "account-d.docusign.com"
private_key_filename = "/Users/myname/Desktop/private.key"
user_id = "46933ecb-9aec-4fe3-8efe-7d5777ac9b54" <== Silly me, anonymized:) but to indicate I am not using email
api_client.configure_jwt_authorization_flow(private_key_filename, oauth_base_url, integrator_key, user_id, 3600)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Users/userme/projects/docudocu/lib/python2.7/site-packages/docusign_esign/api_client.py", line 118, in configure_jwt_authorization_flow
post_params=self.sanitize_for_serialization({"assertion": assertion, "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer"}))
File "/Users/userme/projects/docudocu/lib/python2.7/site-packages/docusign_esign/api_client.py", line 418, in request body=body)
File "/Users/userme/projects/docudocu/lib/python2.7/site-packages/docusign_esign/rest.py", line 244, in POST body=body)
File "/Users/userme/projects/docudocu/lib/python2.7/site-packages/docusign_esign/rest.py", line 200, in request
raise ApiException(http_resp=r)
docusign_esign.rest.ApiException: (400)
Reason: Bad Request
HTTP response headers: HTTPHeaderDict({'X-DocuSign-Node': 'CH1DFE2', 'Content-Length': '28', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload', 'X-Content-Type-Options': 'nosniff', 'Content-Type': 'application/json; charset=utf-8', 'Expires': '-1', 'Content-Security-Policy-Report-Only': "script-src 'unsafe-inline' 'unsafe-eval' 'self';style-src 'unsafe-inline' 'self';img-src https://docucdn-a.akamaihd.net/ 'self';font-src 'self';connect-src 'self';object-src 'none';media-src 'none';frame-src 'none';frame-ancestors 'none';report-uri /client-errors/csp", 'X-XSS-Protection': '1; mode=block', 'X-DocuSign-TraceToken': 'b009b0a6-19ad-4e58-844e-76fc5b509cbb', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache', 'Date': 'Wed, 29 Nov 2017 22:52:10 GMT', 'X-Frame-Options': 'SAMEORIGIN', 'X-AspNetMvc-Version': '5.2'})
HTTP response body: {"error":"consent_required"}
答案 0 :(得分:1)
您没有显示您用于创建JWT令牌的参数。这对调试很有帮助。 (您可以编辑您的问题以添加其他信息。)
在此期间,请检查您是否在JWT令牌中提供了用户ID的guid版本,而不是他们的电子邮件。
另外,请查看我的blog post以获取更多信息。
答案 1 :(得分:1)
如果您使用的是用户同意,那么您不需要组织。您需要在DocuSign帐户中配置Create IntegratorKey,Create RedirectURI,CreateSecretKey (only required if you want to know userId using OAUTH APIs),Create Public/Private RSA Key。
获取userConsent的授权代码授予URL应引用在DocuSign帐户中配置的相同IntegratorKey,redirectURI。同样的Integrator Key也应该用于生成JWT。对于演示环境,oauth_base_path也应该是account-d.docusign.com。我建议使用JWT创建JWT并使用PostMan测试流程。并使用Epoch Time Converted生成iat和exp声明。
此处还解释了JWT相关OAUTH的详细信息,JWT OAUTH,如果您未使用组织,请忽略管理员同意。