[#3970] Feature/Docusign Oauth Implementation

- Added support for oauth2 using jwt grant flow Signed-off-by: Harold Wanyama <[email protected]>
communitybridge · Aug 22, 2023 · b48560b · b48560b
1 parent fc41f68
commit b48560b
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 14 deletions.
diff --git a/cla-backend/cla/config.py b/cla-backend/cla/config.py
@@ -145,6 +145,12 @@ def get_ssm_key(region, key):
 # DocuSign Private Key
 DOCUSIGN_PRIVATE_KEY = ""
 
+#Docusign Integration Key
+DOCUSIGN_INTEGRATOR_KEY = ""
+
+#Oocusign user id
+DOCUSIGN_USER_ID = ""
+
 # reference to this module, cla.config
 this = sys.modules[__name__]
 
@@ -173,7 +179,9 @@ def _load_single_key(key):
         f'cla-auth0-platform-client-id-{stage}',
         f'cla-auth0-platform-client-secret-{stage}',
         f'cla-auth0-platform-audience-{stage}',
-        f'cla-docusign-private-key-{stage}'
+        f'cla-docusign-private-key-{stage}',
+        f'cla-docusign-integrator-key-{stage}',
+        f'cla-docusign-user-id-{stage}'
     ]
     config_keys = [
         "GITHUB_PRIVATE_KEY",
@@ -182,7 +190,9 @@ def _load_single_key(key):
         "AUTH0_PLATFORM_CLIENT_ID",
         "AUTH0_PLATFORM_CLIENT_SECRET",
         "AUTH0_PLATFORM_AUDIENCE",
-        "DOCUSIGN_PRIVATE_KEY"
+        "DOCUSIGN_PRIVATE_KEY",
+        "DOCUSIGN_INTEGRATOR_KEY",
+        "DOCUSIGN_USER_ID"
     ]
 
     # thread pool of 7 to load fetch the keys

diff --git a/cla-backend/cla/models/docusign_models.py b/cla-backend/cla/models/docusign_models.py
@@ -19,7 +19,7 @@
 from urllib.parse import urlparse
 import jwt
 import requests
-import time
+import time 
 
 import cla
 import pydocusign  # type: ignore
@@ -38,9 +38,9 @@
 
 api_base_url = os.environ.get('CLA_API_BASE', '')
 root_url = os.environ.get('DOCUSIGN_ROOT_URL', '')
-integrator_key = os.environ.get('DOCUSIGN_INTEGRATOR_KEY', '')
-user_id = os.environ.get('DOCUSIGN_USER_ID', '')
-private_key = os.environ.get('DOCUSIGN_PRIVATE_KEY', '')
+integrator_key = cla.config.DOCUSIGN_INTEGRATOR_KEY
+user_id = cla.config.DOCUSIGN_USER_ID
+private_key = cla.config.DOCUSIGN_PRIVATE_KEY
 auth_server = os.environ.get('DOCUSIGN_AUTH_SERVER')
 token_endpoint = f'https://{auth_server}/oauth/token'
 
@@ -115,14 +115,14 @@ def initialize(self, config):
             "sub": user_id,
             "aud": auth_server,
             "scope": "signature_impersonation",
-            "iat": int(time.time()),
             "exp": expiration_time
         }
 
         cla.log.debug(f"jwt data claims: {payload}")
 
         try:
             #sign the JWT
+            cla.log.debug(f'private key: {private_key}')
             encoded_jwt = jwt.encode(payload, private_key, algorithm='RS256')
 
             # Request an access token using the JWT
@@ -132,22 +132,22 @@ def initialize(self, config):
             data = {
                 'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
                 'assertion': encoded_jwt,
-                'client_id': integrator_key,
-                'client_secret': private_key
             }
 
-
             cla.log.debug(f"docusign token_endpoint : {token_endpoint}")
 
             response = requests.post(token_endpoint, headers=headers, data=data)
+            if response.status_code != 200:
+                cla.log.debug(f'response: {response.content} {response.status_code}')
+                response.raise_for_status()
             access_token = response.json().get('access_token')
             cla.log.debug(f"access_token for docusign: {access_token}")
 
             cla.log.debug("Initializing docusign ...")
             self.client = pydocusign.DocuSignClient(root_url=root_url,oauth2_token=access_token)
 
 
-        except Exception as ex:
+        except (Exception, requests.exceptions.HTTPError) as ex:
             cla.log.error("Error authenticating Docusign: {}".format(ex))
             return {'errors': {'Error authenticating Docusign'}}
 

diff --git a/cla-backend/serverless.yml b/cla-backend/serverless.yml
@@ -320,9 +320,7 @@ provider:
     DOCRAPTOR_API_KEY: ${file(./env.json):doc-raptor-api-key, ssm:/cla-doc-raptor-api-key-${sls:stage}}
     DOCUSIGN_ROOT_URL: ${file(./env.json):docusign-root-url, ssm:/cla-docusign-root-url-${sls:stage}}
     DOCUSIGN_USERNAME: ${file(./env.json):docusign-username, ssm:/cla-docusign-username-${sls:stage}}
-    DOCUSIGN_PASSWORD: ${file(./env.json):docusign-password, ssm:/cla-docusign-password-${sls:stage}}
-    DOCUSIGN_INTEGRATOR_KEY: ${file(./env.json):docusign-integrator-key, ssm:/cla-docusign-integrator-key-${sls:stage}}
-    DOCUSIGN_USER_ID: ${file(./env.json):docusign-user-id, ssm:/cla-docusign-user-id-${sls:stage}}
+    DOCUSIGN_PASSWORD: ${file(./env.json):docusign-password, ssm:/cla-docusign-password-${sls:stage}} 
     DOCUSIGN_AUTH_SERVER: ${file(./env.json):docusign-auth-server, ssm:/cla-docusign-auth-server-${sls:stage}}
     CLA_API_BASE: ${file(./env.json):cla-api-base, ssm:/cla-api-base-${sls:stage}}
     CLA_CONTRIBUTOR_BASE: ${file(./env.json):cla-contributor-base, ssm:/cla-contributor-base-${sls:stage}}