Skip to main content
Question

OAuth token not included when I do a per-envelope callback

  • 27 June 2024
  • 1 reply
  • 31 views

Hi all,

 

I have a Connect configuration set up with OAuth 2.0 enabled. When I send an envelope request using the API, and I DO NOT include the `eventNotification` section in my envelope definition, everything works as expected - an authorization token is retrieved from my OAuth provider, and then included as a bearer token in the header of the callback request (which just goes to the URL defined in the Connect configuration).

 

However, I would like to have per-envelope control over the callback URL. To do that, I include an `eventNotification` within the envelope definition. As part of that eventNotification, I am setting `includeOAuth` to true, and `integratorManaged` to true, as per the instructions on this page:

https://www.docusign.com/blog/developers/introducing-oauth-partners-docusign-connect

That page specifically says:

You can use this parameter for account-level and envelope-level configurations.

so I think this should work. However, when the event callback is sent to my webhook, there is no authorization header passed with it.

 

Interestingly enough, if I set `includeHMAC` to true in my eventNotification, I do get those headers in my callback, so whatever is happening here is specific to OAuth. Has anyone run into this issue before?

1 reply

D
Rank
Badge +1

I figured it out! My issue was actually in the building of the envelope. I am coding this in Node, and am using the “Official Docusign eSignature Node Client SDK”, which is here:

https://www.npmjs.com/package/docusign-esign

 

Pretty much all the objects in that SDK have a `constructFromObject` function, which is designed to take a plain JavaScript object and construct the proper sanitized DocuSign object. For example, here is the documentation page for the `eventNotification` object that is central to my issue - you will see the `constructFromObject` function at the very bottom:

https://docusign.github.io/docusign-esign-node-client/module-model_EventNotification.html

 

In the case of `eventNotification`, that function has a bug in it - no matter what you set the value of `includeOAuth` to, the `constructFromObject` function leaves it out. That’s why I was not getting OAuth tokens in my callbacks - because I wasn’t asking for them, even though I thought I was.

 

By simply ignoring the `constructFromObject` function, and building my own JavaScript object that DOES have the `includeOAuth` value set, I was able to get it working. So anyone else who is using that Node SDK, be warned that the `constructFromObject` functions may be dangerous to use.

Reply


Code of Conduct