An Ruby on Rails application that I support is failing to send an envelope after the login/consent-grant step in the flow diagram.  I receive a response to my callback URL with a ‘code’ parameter set:

https://elided-host.edu/auth/docusign/callback?code=eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiOGFlYzFjZjQtYmE4NS00MDM5LWE1MmItYzVhODAxMjA3N2EyIn0.AQoAAAABAAYABwCAQhCGVSDdSAgAgM6WzVUg3UgCAD4nwjoJTdpMt_Th1QcGWaMVAAIAAAAYAAEAAAAFAAAADQAkAAAAZmQxZjg5YjItNjZkNi00MGRlLWFhYzctNGFhMTgzNzBlOTY5IgAkAAAAZmQxZjg5YjItNjZkNi00MGRlLWFhYzctNGFhMTgzNzBlOTY5MACAQhCGVSDdSBIAAgAAAAsAAABpbnRlcmFjdGl2ZQcAAABtYW5hZ2Vk.EIkNnGHh1iLCYF1i5JXeyfzU26B7Fx5bJao7X1_3WSJ-N56AoFAy8JA3MLbEWjWtesbXWXplU5HkIN9TyGWYqdwplswU6ai2F5pWnHy1ntHXJr-p2OFGSb7UApcMU4l2Bd-hx3TITt4zgz-YpEfJ6aZT1xoFrkhNFsrwyjpS7LbmGXLxbIKiv61rVi-09l1kem0-V8CufYuaQusnOKWIwlSCSpLXttRumLR4MUGLdTJ5AHEO5LXuKejdojD-M-P9iiTP8VRjnVSp50zi31vLeK6ghyT_ZQEeTs7aqoXIT8afi945JEExuLsIBURdQkIoQLqU0N_jftccaQlGm-YgzA&state=3066440d77f347fa1c1096f597dee488c55609163cc571f2

This is followed by another request to the failure path:

https://elided-host.edu/auth/failure?message=invalid_credentials&origin=https%3A%2F%2Felided-host.edu%2F&strategy=docusign

My integration with DocuSign uses a Shibboleth/Duo-2-factor login identification with our college’s server and when I login to my account.docusign.com using the same credentials I supplied to the app (API) I’m able to login, so the ‘invalid_credentials’ error doesn’t make sense unless something is a miss between the college’s Shibboleth/Duo credentials received by DocuSign.

I’ve looked through the documentation and haven’t found a reference to this “invalid_credentials” for some clue on what’s wrong and found nothing.  Does anyone have any ideas on how to diagnose this credentials failure and where I should be looking to get this working?