
Hello members,

I'm encountering an issue while generating an access token using the JWT flow in PowerShell. Initially, I thought it might be a simple fix, but I've been troubleshooting for several hours without identifying the root cause.

 

Here's the situation:

  • I'm using a PowerShell script to generate a JWT assertion and then use that assertion to retrieve a temporary access token.
  • Unfortunately, my request is failing.
  • For comparison, I generated a JWT using JWT.io with the same private and public keys, and it successfully retrieved an access token.
  • I've verified that the structure and payload of both tokens appear similar (check below, same iss and sub).

 

[Screenshots: Working | Failing]

 

 

At this point, I'm unsure what I'm missing. It could be a minor configuration error in my script.

I'd appreciate any troubleshooting suggestions you might have. Please let me know if you require any additional information.

 

Thanks,

Sachin Vashishth

@vashu 

In DocuSign, accounts and user memberships are distinct, each with its own GUID (userId and accountID). You can only access envelopes within accounts where you have membership. Using JWT requires providing the userId to get an access token, and API calls are made on behalf of this user. Attempting to access resources from an account where the user lacks membership will result in an error. Ensure all actions are within the same environment. If JWT is done in the demo environment (account-d.docusign.com), use demo.docusign.net for API calls. For production (account.docusign.com), use the correct production URL (e.g., na3.docusign.net, eu1.docusign.net). Also, it seems to be an issue with the sub (subject) value in the assertion. Please verify that the value is a valid GUID user ID, not an email address, and that it corresponds to an active user in the relevant environment.

Welcome to the DocuSign Community! Your feedback is appreciated! You can give a "Like" and mark this answer as the "Best Answer" for your issue.


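The checks named in the reply above (a GUID `sub`, and one environment for both the JWT and the API calls), as an added PowerShell example that is not part of either post: it decodes an assertion's payload without verifying the signature and lists what it finds. `ConvertFrom-Base64Url` and `Test-JwtAssertionClaims` are hypothetical helper names, the sample token is constructed, and the code assumes the `aud` claim carries the account host named in the reply.

```powershell
# Added example: pre-flight check of a JWT assertion's claims. It does NOT verify the signature.
function ConvertFrom-Base64Url {
    param([string]$Segment)
    # base64url -> standard Base64, then restore the padding that JWS strips
    $s = $Segment.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Test-JwtAssertionClaims {
    param(
        [Parameter(Mandatory)][string]$Assertion,
        # Account host the token request is sent to (the two hosts named in the reply)
        [Parameter(Mandatory)][ValidateSet('account-d.docusign.com', 'account.docusign.com')]
        [string]$AuthHost
    )
    $findings = [System.Collections.Generic.List[string]]::new()
    $parts = $Assertion.Split('.')
    if ($parts.Count -ne 3) { return 'assertion does not have three dot-separated segments' }

    # JWS segments are base64url without padding (RFC 7515); plain ToBase64String output is not
    if ($Assertion -match '[+/=]') { $findings.Add('a segment contains +, / or = (standard Base64, not base64url)') }

    try { $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json }
    catch { $findings.Add('payload segment does not decode to JSON'); return $findings }

    # sub must be the user's GUID, not an email address
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse([string]$claims.sub, [ref]$parsed)) {
        $findings.Add("sub '$($claims.sub)' is not a GUID user ID")
    }
    # Assumption: aud holds the account host, so it must match the host the request targets
    if ([string]$claims.aud -ne $AuthHost) {
        $findings.Add("aud '$($claims.aud)' does not match target host '$AuthHost'")
    }
    $findings   # empty output means none of these checks failed
}

# Constructed sample: email address as sub, production aud, checked against the demo host
$enc = { param($o) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(($o | ConvertTo-Json -Compress))).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
$sample = (& $enc @{ alg = 'RS256'; typ = 'JWT' }) + '.' +
          (& $enc @{ iss = '00000000-0000-0000-0000-000000000000'; sub = 'user@example.com'; aud = 'account.docusign.com' }) +
          '.c2ln'   # placeholder signature, never checked here
Test-JwtAssertionClaims -Assertion $sample -AuthHost 'account-d.docusign.com'
```

A clean result only means these claim checks passed; whether the user is active and has membership in the account still has to be confirmed in the relevant environment.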