Debugging Forge OAuth2 Providers

Forge
, , ,
1

I am trying to use a Provider in a Forge app to get authenticate with DocuSign. When I call (in a resolver, this is a UI Kit2 app):

const docusign = api.asUser().withProvider('docusign');
  if (!await docusign.hasCredentials()) {
    await docusign.requestCredentials();
  }

I get:

ERROR   16:50:36.977  0000000000000000a4c692df4d573e47  [NEEDS_AUTHENTICATION_ERR: Authentication required] {
  serviceKey: 'docusign',
  status: 401
}

And the OAuth flow doesn’t start in the UI. This is likely an error with my Provider definition, but how do I debug this? Is there any way to find out where in the process the 401 is being returned or what calls are being made to the OAuth provider?

Here is the provider definition, and yes, I’ve set the secret with forge providers configure.

providers:
  auth:
    - key: docusign
      name: DocuSign
      scopes:
        - signature
      type: oauth2
      clientId: XXXXXXXXXXXXXXXXXXXXX
      remotes:
        - docusign-oauth
        - docusign-apis
      bearerMethod: authorization-header
      actions:
        authorization:
          remote: docusign-oauth
          path: /oauth/auth
          queryParameters:
            response_type: code
        exchange:
          remote: docusign-oauth
          path: /oauth/token
        revokeToken:
          remote: docusign-oauth
          path: /oauth/revoke
        retrieveProfile:
          remote: docusign-oauth
          path: /oauth/userinfo
          resolvers:
            id: sub
            displayName: name

remotes:
  - key: docusign-apis
    baseUrl: https://demo.docusign.net
  - key: docusign-oauth
    baseUrl: https://account-d.docusign.com
permissions:
  external:
    fetch:
      backend:
        - https://demo.docusign.net
        - https://account-d.docusign.com

Thanks!

1 Like
2

For anyone else who ends up here, from what I understand, the NEEDS_AUTHENTICATION_ERR is a bit of a red herring. This error is used to determine whether a user needs to go through the consent process or not.

My particular issue was further down the line. After using Chrome’s DevTools → Network info to check that the back and forth between the app and the provider was as expected (i.e., code going to the right callback), I was able to work through my issues by setting up a Dynamic Profile Retriever and from there was able to debug and adjust to handle what was being sent over appropriately.

2 Likes