Skip to main content
arrow-left Back to Docusign.com
Question

DocuSign JWT: "invalid_grant / issuer_not_found" error after successful consent

  • August 5, 2025
  • 2 replies
  • 121 views
K
Newcomer
Forum|alt.badge.img

I'm trying to set up JWT Grant authentication in the DocuSign sandbox, but I'm constantly running into an invalid_grant / issuer_not_found error, even though I have successfully completed the consent process.

My Configuration

  • Environment: Development (account-d.docusign.com)

  • Integration Key: 1b490ae4-97d1-4b5b-a4d4-cee9998fdf03

  • API Account ID: 73228f49-0509-4526-ac11-20a1025960e3

  • User ID (the user who granted consent): 80a3a400-b695-4fbf-9809-7cf4538d9419

Problem Description

My server-side application (a Firebase Cloud Function on Node.js) is using the official docusign-esign library to call requestJWTUserToken. In response, I receive a 400 Bad Request error with the following body:

{
  "error": "invalid_grant",
  "error_description": "issuer_not_found"
}

What I've Already Tried

  1. Verified all IDs: I have repeatedly checked the Integration Key, API Account ID, and User ID against the details on the "Apps and Keys" page. They are correct.

  2. Verified the endpoint: My code is using account-d.docusign.com, which is correct for the sandbox environment.

  3. Granted Consent: I successfully navigated to the consent URL below, logged into my developer account, and clicked "Accept".

    • URL: https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation&client_id=1b490ae4-97d1-4b5b-a4d4-cee9998fdf03&redirect_uri=https://www.docusign.com

  4. Configured Redirect URI: In my application's settings, https://www.docusign.com has been added as an allowed Redirect URI.

  5. Verified the private key format: The private key is being used in the full PEM format and is read directly from a file on the server to eliminate any formatting issues.

My Question

Why is the system unable to find the user for User ID (80a3a400-b695-4fbf-9809-7cf4538d9419) when using Integration Key (1b490ae4-97d1-4b5b-a4d4-cee9998fdf03) after consent has been successfully granted? Are there any additional steps or potential issues on the DocuSign side that could be causing this error?

2 replies

JohnSantos
Guru
Forum|alt.badge.img+19
  • JohnSantosGuru
  • Guru
  • 1076 replies
  • August 5, 2025

@kr1z 

Is the User a member in the account? You are trying to impersonate a user (via their User ID) who is not in the same DocuSign account that owns the integration key.

Welcome to the DocuSign Community! Your feedback is highly valued. If you find my response helpful, please give it a "Like" and consider marking it as the "Best Answer" to assist others with similar issues.
R
Docusign Employee
Forum|alt.badge.img+5
  • Rafay.KhanDocusign Employee
  • Docusign Employee
  • 29 replies
  • August 6, 2025

Hello,

This error occurs when the integration key specified in the issuer (iss) parameter of your authentication request is unavailable or incorrect. It can also point to a mismatch in the audience (aud) value, which dictates where your request is intended to go.

 

Solution: The most common fix is to ensure you're pointing to the correct base_uri for your DocuSign environment:

Best,

Dev/API Team


Code of ConductAccessibility statement

Docusign Community

Code of Conduct