docusignapidocusignapextoolkit

OAuth Flow for Sender Using Apex Toolkit


I've developed an invokable Apex method that leverages the DocuSign Apex Toolkit for preparing and sending an envelope via a Salesforce flow.

The only issue I'm having is when it is invoked by a Salesforce user, that has been added as a DocuSign user, but has not yet gone through the OAuth flow to connect Salesforce to DocuSign for their user account.

A workaround is that I have that new user click a standard "Send with DocuSign" button an any record, which then shows the "Before you can use DocuSign, you must grant consent for this application to make requests on your behalf." message and a button to start and complete the OAuth flow. Once this is done I can go back to my flow and it will successfully complete as that user.

Any ideas how I can "pre-authorize" users, or check for authorization as part of the flow (is this data stored in Salesforce), or at least find a way to get to this "Authorize" screen in Salesforce without needing to begin the process of sending an envelope?

Thanks Matt


Solution

  • Yes, the administrator for the account can grant "blanket" consent, known as administrative consent, for the relevant integration key (client id) and scope(s) needed by your application.

    To do so:

    1. The account needs the Admin feature Access Management with SSO You can have this feature enabled for your developer sandbox account by email request to go-live@docusign.com. Contact your DocuSign account manager for adding the feature to a production account.
    2. You need to claim the email domain for your users.
    3. Use the Admin tool's Connected Apps tile to grant administrative consent to your users in the claimed to domain to the application.

    The above assumes that you are supplying the integration key to your Apex application.

    If you're using an integration key supplied by DocuSign, then you also need to use the Admin consent for external applications API.

    If you're using an integration key supplied by DocuSign as part of a DocuSign for Salesforce product, then I would first ensure that the product is enabled for everyone in your account; that may take care of your app's consent issue.

    Re: detecting if consent is required

    DocuSign responds with a specific consent_required error if consent is needed. So check the error response of your call. See APIError