Skip to main content
arrow-left Back to Docusign.com
Solved

Facing Issues

  • February 2, 2024
  • 4 replies
  • 207 views
S
New Voice
Forum|alt.badge.img+2

Hi 
I am facing these kind of issues 
 

{

    "error": "invalid_grant",

    "error_description": "no_valid_keys_or_signatures"

}
in jwt token to get Access token
i give prpoer integration , secreat and private key but facing same issues 
so, how can i solve that one
So any one have a sample application for jwt grant type , please send as the zip format

Best answer by Alex.Sakamoto

Hi @Saravana, have you seen this guide from the Docusign Developer Center - How to get an access token with JWT Grant. The error you are receiving is highlighted towards the bottom of the page, and I’m also posting below: 

invalid_grant: no_valid_keys_or_signatures

One of the most common ways to encounter this error is for the iat and exp timestamp values in the JWT body to be incorrect. To test this, you can update the value of iat to the current Unix epoch time and exp to that value + 4000, then run the call again.

 

Here’s some token best practices as well:

Token expiration and best practices

The access token granted by JWT Grant expires after one hour, and no refresh token is provided. After the token expires, you must generate a new JWT and exchange it for a new access token.

You can reuse most of the old assertion, just modifying the iat and exp values and updating the signature, then submit the updated JWT to get a new access token.

Generally, apps that use JWT should get a new access token about 15 minutes before their existing one expires. This gives your system time to recover in case something goes wrong with the exchange.

 

 

4 replies

S
New Voice
Forum|alt.badge.img+2
  • SaravanaNew Voice
  • Author
  • New Voice
  • February 2, 2024

Hi 
I am facing these kind of issues 
 

{

    "error": "invalid_grant",

    "error_description": "no_valid_keys_or_signatures"

}
in jwt token to get Access token
i give prpoer integration , secreat and private key but facing same issues 
so, how can i solve that one
So any one have a sample application for jwt grant type , please send as the zip format

R
Newcomer
Forum|alt.badge.img+1

Hello Saravana,

it was working correctly.

But now i have the same problem.
did you manage to solve ?

Alex.Sakamoto
Docusign Employee
Forum|alt.badge.img+2
  • Alex.SakamotoDocusign Employee
  • Docusign Employee
  • Answer
  • April 12, 2024

Hi @Saravana, have you seen this guide from the Docusign Developer Center - How to get an access token with JWT Grant. The error you are receiving is highlighted towards the bottom of the page, and I’m also posting below: 

invalid_grant: no_valid_keys_or_signatures

One of the most common ways to encounter this error is for the iat and exp timestamp values in the JWT body to be incorrect. To test this, you can update the value of iat to the current Unix epoch time and exp to that value + 4000, then run the call again.

 

Here’s some token best practices as well:

Token expiration and best practices

The access token granted by JWT Grant expires after one hour, and no refresh token is provided. After the token expires, you must generate a new JWT and exchange it for a new access token.

You can reuse most of the old assertion, just modifying the iat and exp values and updating the signature, then submit the updated JWT to get a new access token.

Generally, apps that use JWT should get a new access token about 15 minutes before their existing one expires. This gives your system time to recover in case something goes wrong with the exchange.

 

 

Renan.Araujo
Renan.Araujo
Docusign Employee
Forum|alt.badge.img+3

In addition to @Alex Sakamoto’s answer you need to check if the RSA keypairs are properly provided in our code.

Keep in mind that you need to provide the private key entirely (with footer and header) as the signature to sign your assertion.

You don’t need to provide a secret key for a JWT Grant process, RSA private key will do its job for this grant type. 

 

😎

Code of ConductAccessibility statement

Docusign Community

Code of Conduct