Docusign JWT OAuth Consent: Is it Permanent or Does it Expire?

Hello,

I’d like to integrate JWT authentication to access the DocuSign API from my server.

I understand that, on first use, I need to accept a consent request by visiting a URL like:
https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature impersonation&client_id=CLIENT_ID&redirect_uri=https://www.docusign.com

My question is:
Once I’ve granted this consent, is it valid indefinitely as long as I don’t change the client_id? Or do I need to repeat this consent step periodically (e.g., when the token expires or per session)?

Thanks for your help!

Page 1 / 1

@StelDev

Once user consent is granted via the consent URL for JWT authentication, it does not need to be repeated. However, user consent is independent of token expiration. The JWT token you generate is valid for a short time (typically 1 hour). You will need to refresh your token. You can safely generate a new token anytime; you don’t need to wait for the old one to expire.

@StelDev the consent is in force until the user revokes it.

By the way, obtaining consent as documented is merely running the first portion of the Authorization Code Grant flow. More information is in the blog post below.

https://www.docusign.com/blog/developers/demystifying-docusign-authentication

Reply

Sign up

You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.

Docusign Community

You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.

Scanning file for viruses.

This file cannot be downloaded