Method: DocuSign_Maestro::ApiClient#request_jwt_user_token

Defined in:
lib/docusign_maestro/client/api_client.rb

#request_jwt_user_token(client_id, user_id, private_key_or_filename, expires_in = 3600, scopes = OAuth::SCOPE_SIGNATURE) ⇒ OAuth::OAuthToken

Request JWT User Token

Parameters:

  • client_id (String)

    DocuSign OAuth Client Id (AKA Integrator Key)

  • user_id (String)

    DocuSign User Id to be impersonated

  • private_key_or_filename (String)

    The RSA private key, either as PEM text or as the path to a file that contains it

  • expires_in (Number) (defaults to: 3600)

    Number of seconds until the JWT assertion is considered invalid; values above 3600 are reduced to 3600

  • scopes (defaults to: OAuth::SCOPE_SIGNATURE)

    The list of requested scopes, as an Array or a single space-separated String. Client applications may be scoped to a limited set of system access.

Returns:

  • (OAuth::OAuthToken)

Raises:

  • (ArgumentError)

# File 'lib/docusign_maestro/client/api_client.rb', line 455

def request_jwt_user_token(client_id, user_id, private_key_or_filename, expires_in = 3600, scopes = OAuth::SCOPE_SIGNATURE)
  # Reject empty identifiers and key material before building the assertion.
  raise ArgumentError.new('client_id cannot be empty') if client_id.empty?
  raise ArgumentError.new('user_id cannot be empty') if user_id.empty?
  raise ArgumentError.new('private_key_or_filename cannot be empty') if private_key_or_filename.empty?

  # Scopes travel as one space-separated string; fall back to the default scope.
  scopes = scopes.join(' ') if scopes.kind_of?(Array)
  scopes = OAuth::SCOPE_SIGNATURE if scopes.empty?
  # The assertion lifetime is capped at one hour.
  expires_in = 3600 if expires_in > 3600
  now = Time.now.to_i
  # JWT claim set: issuer is the client, subject is the impersonated user.
  claim = {
    "iss" => client_id,
    "sub" => user_id,
    "aud" => self.get_oauth_base_path,
    "iat" => now,
    "exp" => now + expires_in,
    "scope" => scopes
  }

  # Only a string carrying the PKCS#1 PEM header is used as inline key material;
  # any other string is treated as a path and read from disk.
  private_key = if private_key_or_filename.include?("-----BEGIN RSA PRIVATE KEY-----")
                  private_key_or_filename
                else
                  File.read(private_key_or_filename)
                end

  # Sign the claim set with RS256.
  private_key_bytes = OpenSSL::PKey::RSA.new private_key
  token = JWT.encode claim, private_key_bytes, 'RS256'
  # Exchange the signed assertion for an access token at /oauth/token.
  params = {
      :header_params => {"Content-Type" => "application/x-www-form-urlencoded"},
      :form_params => {
          "assertion" => token,
          "grant_type" => OAuth::GRANT_TYPE_JWT
      },
      :return_type => 'OAuth::OAuthToken',
      :oauth => true
  }
  data, status_code, headers = self.call_api("POST", "/oauth/token", params)

  raise ApiError.new('Some error accrued during process') if data.nil?

  # Later calls made through this client send the returned token in the Authorization header.
  self.set_default_header('Authorization', data.token_type + ' ' + data.access_token)
  data
end
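
The assertion built by the method above, reproduced as an added example that is not part of the DocuSign_Maestro source: it signs the same claim set with RS256 using only Ruby's standard library (in place of the `jwt` gem) and then checks it the way a receiver of such a token typically would. The helper names, the `auth.example.test` audience, the sample ids and scopes, and the verifier checks are assumptions for illustration, not DocuSign's server logic.

```ruby
require 'openssl'
require 'base64'
require 'json'

MAX_LIFETIME = 3600 # same upper bound the method applies to expires_in

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Build an RS256 assertion with the claim set request_jwt_user_token uses.
def build_assertion(client_id, user_id, rsa_key, aud, expires_in, scopes, now = Time.now.to_i)
  scopes = scopes.join(' ') if scopes.is_a?(Array)
  expires_in = MAX_LIFETIME if expires_in > MAX_LIFETIME
  claim = { 'iss' => client_id, 'sub' => user_id, 'aud' => aud,
            'iat' => now, 'exp' => now + expires_in, 'scope' => scopes }
  header = { 'alg' => 'RS256', 'typ' => 'JWT' }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claim))}"
  signature = rsa_key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Hypothetical verifier (assumption): pin the algorithm, check the signature,
# then audience and expiry, before trusting any claim. Raises ArgumentError.
def verify_assertion(token, public_key, expected_aud, now = Time.now.to_i)
  parts = token.split('.')
  raise ArgumentError, 'malformed token' unless parts.length == 3
  head64, claim64, sig64 = parts
  header = JSON.parse(Base64.urlsafe_decode64(head64))
  raise ArgumentError, 'unexpected alg' unless header['alg'] == 'RS256'
  sig = Base64.urlsafe_decode64(sig64)
  ok = public_key.verify(OpenSSL::Digest.new('SHA256'), sig, "#{head64}.#{claim64}")
  raise ArgumentError, 'bad signature' unless ok
  claims = JSON.parse(Base64.urlsafe_decode64(claim64))
  raise ArgumentError, 'wrong audience' unless claims['aud'] == expected_aud
  raise ArgumentError, 'expired' unless claims['exp'] > now
  claims
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key, sample ids below
  token = build_assertion('sample-client-id', 'sample-user-id', key,
                          'auth.example.test', 7200, %w[signature impersonation])
  puts verify_assertion(token, key.public_key, 'auth.example.test')
end
```

The requested 7200 seconds comes back as a 3600-second lifetime in the decoded claims, and changing `sub` after signing makes verification fail.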