DocuSign Spoke Configuration Question

robinson_gregor · ‎09-17-2019

Hi,

I am trying to do a POC for the DocuSign integration and am having some difficulties with OAuth I was hoping someone could help me out with.

I am following this: https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/administer/integrationhub-store-...

I have followed the instructions to a T, and am getting an invalid_grant error when trying to get the token from DocuSign. I am pretty sure my issue is with the Java Key Store certificate part of the configuration. Is this Key Store something that DocuSign provides that I may be missing or is this something I will have to manually create with the public/private RSA keys DocuSign provides?

Any help would be greatly appreciated!

Sandeep150 · ‎11-11-2019

Hi,

Please refer the below link to create Java Key Store (JKS), and follow the steps as mentioned in ServiceNow documentation.
http://www.agentbob.info/agentbob/79-AB.html

Thanks.

nstarr · ‎01-28-2020

I've had the same experience as you. I also expect it's the JKS certificate that is the issue but an unsure how it is supposed to be generated / retrieved. Did you manage to get it working?

nstarr · ‎01-28-2020

I received this response on how to set up the DocuSign spoke from a HI ticket I raised. It explains how to generate the jks file and helped me progress.

Pre-Requisite:

Should have DocuSign Account
ServiceNow Instance with DocuSign Spoke Installed

Part 1:

Create an app in your DocuSign Account

Login to your DocuSign Account
Navigate to the Admin section & Click on API and Keys
Click on ADD APP / INTEGRATION KEY button to create an Integration app
Get hold of Integration Key & Secret Key
Click on Add RSA Keypair & copy the Public, Private & Keypair ID into safer location
Enter the value for Redirect URLs (e. g - https://yourinstancename.service-now.com/oauth_redirect.do)

Note: Make sure You select User Application as “Authorization Code Grant”

Part 2:

Generate the JKS File

Copy the Private key that was generated from your DocuSign Integration app and make a new file key with this private key.
Create CA signed certificate using private key, please run the below command for this

openssl req -new -x509 -key privatekey.key -out cacert.pem -days 1095

Create PKCS 12 file using your private key and CA signed certificate, please run the below command for this (Set the Password, whenver it asks)

openssl pkcs12 -export -in cacert.pem -inkey privatekey.key -certfile cacert.pem -out testkeystore.p12

Now, Create the JKS file by running the below command

keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore ranDocusign.jks -deststoretype JKS

Part 3:

Create the oAuth Profile & JWT Provider in your ServiceNow Instance
Login to your ServiceNow instance
Navigate to the System Definition -> Certificates & Click on New to create a New Certificate
Select the Type to Java Key Store & Enter the password which created while Generating JKS file & Attach the JKS file
Click on Validate Stores/Certificates link
Navigate to the System oAuth -> JWT Keys & create a new JWS Key
Select the Previously created Cert for Signing Keystore & Enter the Signing Key
Navigate to the JWT Providers -> Create new JWT Provider
Select the Previously created JWT Key for Signing Configuration enter the appropriate values for Standard Claims & Create a new entry in Custom Claims & provide the value for scope. Please access below link for more info

https://developers.docusign.com/esign-rest-api/guides/authentication/oauth2-jsonwebtoken#step-2-crea...

Navigate to the System oAuth ->Application registries & create a new oAuth Profile
Enter the ClientID & Client Secret which you have got from DocuSign Integrator app
Provide the Auth URL as follows https://account-d.docusign.com/oauth/auth
Provide the Token URL as followshttps://account-d.docusign.com/oauth/token
Select the Default Grant Type as JWT Bearer
Now, Save the record
Create the oAuth Entity Scope (Add your necessary scopes here)

Part 3:

4.1 Obtaining Consent as Individual

Navigate to the System oAuth ->Application registries -> DocuSign oAuth & Create a new oAuth entity profile with Grant Type as Authorization Code under the oAuth entity profile related list
Add the necessary scopes for this oAuth Profile as well.
Navigate to the Connection & Credentials -> Credentials & Create new Credentials of type oAuth 2.0
Select the oAuth Entity Profile created with Grant type as Authorization Code
Now, Click on Get OAuth Token Link & enter your DocuSign Username & Password to provide the consent
Now, Again Create a new credentials of type oAuth 2.0 & select the entity profile of type JWT Bearer
Click on Get OAuth Link & You can see that oAuth Flow is completed successfully message.

4.2 Obtaining Consent as Organization Admin

In case of Obtaining Organization Admin Consent for an application owned by your organization, please see the below link

https://developers.docusign.com/esign-rest-api/guides/authentication/obtaining-consent#admin-consent...

shanedavis · ‎06-06-2023

@nstarr Good morning! I have a couple questions if you don't mind answering. I've been through all of the steps above. We can validate the JKS cert (Part 3 #7), we can get the Authorization, we get the token from the Authorization Code (Part 4#5), we get the token from JWT Bearer (Part 4 #7) and we have DocuSign all set up. We've even completed the part for the webhook. Our issue is that when we run the Get Accounts flow, we get the error below.

The instructions at the link below add a part 6 to what you put here. It says to create another credential, but I already have an Auth Code & JWT so do I really need a 3rd credentials or just the 2 I have?

How to Set up DocuSign spoke - Support and Troubleshooting (servicenow.com)

Our goal is to have the webhook for pulling all DocuSign accounts, etc into ServiceNow AND also to use the spoke for areas like onboarding for associates to sign documents.

{
    "Action Status": {
        "code": 1,
        "message": "Error:  <,Detail: Unexpected token: <"
    }
}