Back to Docusign.com
I building the App that will connect vie OAuth
I need as least permissions as i need so i choose “openid” scope and login with specially created user with only 2 permissions
I want use scope “extended” to prolongate refresh token each time but for some reason when i try to use scope “openid extended” or “extended openid” - access token that i receive is not allowing me access anywhere where i can go with just “openid” scope. In all routes i receive 401 code
Is it something wrong with “extended” scope or with the way that i trying to use it?
Currently all actions was performed on Dev env. Maybe Dev env itself is limited somehow?
Question
openid scope don't work together with extended
+2- Newcomer
- 3 replies
+4- Docusign Employee
- 38 replies
Hi,
Thank you for reaching out here in the DocuSign Community.
I am very sorry for the inconvenience you are having, however, I would like to know how you are creating the consent URI using the scopes it requires, I just did the test and I have not had any problems, it is for this reason that I would like to know if the URI you are using is similar to this
https://account-d.docusign.com/oauth/auth?response_type=code&scope=extended openid&client_id={YOUR IK}&redirect_uri={YOUR REDIRECT}
Regards,
Eric | Docusign
+2- Newcomer
- 3 replies
Hi, Eric
Thanks for quick response!
here is how i use URL
https://account-d.docusign.com/oauth/auth?client_id={client_id}&redirect_uri={redirect_uri)&state={state}&response_type=code&scope=extended%20openid
I also have succesful response from POST https://account-d.docusign.com/oauth/token just as you on screenshot with access_token, token_type, refresh_token, expires_in, id_token, and scope
The problem is that using ‘access_token’ i get 401 on all routes that i can use without ‘extended’
So my user for example have permissions to view Users/Roles/Groups/Permissions and Manage envelopes
With just ‘scope=openid’ i can freely get data from:
https://demo.docusign.net/restapi/v2.1/accounts/{account_id}/users
https://demo.docusign.net/restapi/v2.1/accounts/{account_id}/groups
https://demo.docusign.net/restapi/v2.1/accounts/{account_id}/permission_profiles
https://demo.docusign.net/restapi/v2.1/accounts/{account_id}/envelopes
But as soon as i add ‘extended’ to the scope and repeat OAuth process i receive 401 on all these routes
+12- Rising Star
- 517 replies
extended openid is available in : https://developers.docusign.com/platform/auth/reference/scopes/
Maybe have not grant for this integration key.
+2- Newcomer
- 3 replies
Eric Ruiz wrote:
… I would like to know how you are creating the consent URI using the scopes it requires, I just did the test and I have not had any problems ...
https://account-d.docusign.com/oauth/auth?response_type=code&scope=extended openid&client_id={client_id}&redirect_uri={redirect_uri}I also get succesful result from POST request on https://account-d.docusign.com/oauth/token
The problem is that user that i use for OAuth have permissions to view users, groups, permission_profiles, envelopes
https://demo.docusign.net/restapi/v2.1/accounts/{account_id}/users
https://demo.docusign.net/restapi/v2.1/accounts/{account_id}/groups
https://demo.docusign.net/restapi/v2.1/accounts/{account_id}/permission_profiles
https://demo.docusign.net/restapi/v2.1/accounts/{account_id}/envelopesAnd with just ‘openid’ i have access to all routes that i needBut using ‘openid’ with ‘extended’ i get access token that literally useless because on all same routes i getting code 401So for me it’s like adding ‘extended’ to scope just breaks something
+12- Rising Star
- 517 replies
please add the scope signature in the Authorization Code Grant url.
+2- Newcomer
- 3 replies
Hi, Hengfeng Ge
Adding ‘signature’ is working absolutely fine, but it’s providing too much permissions
We have task to develop an Integration that will request as less permissions as possible for it’s purpose
Due to absence of granular scopes in eSignature API - i choose to use specially created user with restricted permissions and grant access from this user using ‘openid’
But i also require ‘extended’ option because in other case our clients will be forced to relogin each 30 days
If i understand correctly ‘extended openid signature’ is the same as ‘extended signature’ because the App will be granted access to all routes of the eSignature API
But i need ‘extended openid’ if it’s possible
Reply
Rich Text Editor, editor1
Editor toolbars
Press ALT 0 for help
Most helpful members this week
Sign up
Already have an account? Login
You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.
Customer Login/Registration Developer Login/RegistrationJoin the Docusign Community by logging in with your Docusign developer or customer account credentials.
Don’t have an account? You can create a free one when registering.
Note: Partner-specific logins are not available yet. Partners should log in as either a customer or developer
Docusign Community
You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.
Customer Login/Registration Developer Login/RegistrationEnter your E-mail address. We'll send you an e-mail with instructions to reset your password.