Merge pull request #17 from ChristianKBarnes/master

Allow authentication via  OAuth2

Author: Tucker-Eric

README.md

@@ -29,10 +29,11 @@ Example:
 require 'vendor/autoload.php';
 
 $client = new DocuSign\Rest\Client([
-	'username'       => $username,
-	'password'       => $password,
-	'integrator_key' => $integrator_key,
-	'host'           => $host
+	'impersonated_user_id' => $impersonated_user_id,
+	'integrator_key'       => $integrator_key,
+	'host'                 => $host,
+	'private_key'          => $private_key,
+	'auth_server'          => $auth_server
 ]);
 
 $client->accounts // Returns DocuSign\eSign\Api\AccountsApi
@@ -62,10 +63,11 @@ Example:
 require 'vendor/autoload.php';
 
 $client = new DocuSign\Rest\Client([
-	'username'       => $username,
-	'password'       => $password,
-	'integrator_key' => $integrator_key,
-	'host'           => $host
+            'impersonated_user_id' => $impersonated_user_id,
+            'private_key'          => $private_key,
+            'integrator_key'       => $integrator_key,
+            'host'                 => $host,
+            'auth_server'          => $auth_server
 ]);
 
 $templateRole = $client->templateRole([
@@ -139,19 +141,21 @@ class DocuSignSample
 {
 	public function signatureRequestFromTemplate()
 	{
-		$username = "[EMAIL]";
-        $password = "[PASSWORD]";
+
+	    $impersonated_user_id = "[IMPERSONATED_USER_ID]";
+        $private_key = "[PRIVATE_KEY]";
         $integrator_key = "[INTEGRATOR_KEY]";
 
-		// change to production before going live
+		// change these to production before going live
         $host = "https://demo.docusign.net/restapi";
-
+        $auth_server = "account-d.docusign.com";
 		// Once instantiated, authentication is handled automatically
         $client = new DocuSign\Rest\Client([
-			'username'       => $username,
-			'password'       => $password,
-			'integrator_key' => $integrator_key,
-			'host'           => $host
+            'impersonated_user_id' => $impersonated_user_id,
+            'private_key'          => $private_key,
+            'integrator_key'       => $integrator_key,
+            'host'                 => $host,
+            'auth_server'          => $auth_server
         ]);
 
     	$templateRole = $client->templateRole([
@@ -187,24 +191,26 @@ require 'vendor/autoload.php';
 
 class DocuSignSample
 {
-	
-	protected $username = "[EMAIL]";
-    protected $password = "[PASSWORD]";
+
+	protected $impersonated_user_id = "[IMPERSONATED_USER_ID]";
+    protected $private_key = "[PRIVATE_KEY]";
     protected $integrator_key = "[INTEGRATOR_KEY]";
 
-	// change to production before going live
+	// change these to production before going live
     protected $host = "https://demo.docusign.net/restapi";
+    protected $auth_server = "account-d.docusign.com";
 
-	protected $client;
+    protected $client;
 
 	public function __construct()
 	{
 		// Once instantiated, authentication is handled automatically
         $this->client = new DocuSign\Rest\Client([
-			'username'       => $this->username,
-			'password'       => $this->password,
-			'integrator_key' => $this->integrator_key,
-			'host'           => $this->host
+            'impersonated_user_id' => $impersonated_user_id,
+            'private_key'          => $private_key,
+            'integrator_key'       => $integrator_key,
+            'host'                 => $host,
+            'auth_server'          => $auth_server
         ]);
 	}
 

src/Client.php

@@ -551,25 +551,39 @@ class Client
     protected $host = 'https://demo.docusign.net/restapi';
 
     /**
-     * Docusign Username
+     * Docusign Integrator Key
      *
      * @var string|null
      */
-    protected $username;
+    protected $integrator_key;
 
     /**
-     * Docusign Password
+     * Docusign Auth Server
      *
      * @var string|null
      */
-    protected $password;
+    protected $auth_server;
 
     /**
-     * Docusign Integrator Key
+     * Docusign RSA Private Key
      *
      * @var string|null
      */
-    protected $integrator_key;
+    protected $private_key;
+
+    /**
+     * Docusign JWT expiry in minutes
+     *
+     * @var int
+     */
+    protected $jwt_expiry = 60;
+
+    /**
+     * Docusign User ID
+     *
+     * @var string|null
+     */
+    protected $impersonated_user_id;
 
     /**
      * Docusign Account Id
@@ -578,6 +592,13 @@ class Client
      */
     protected $account_id;
 
+    /**
+     * Docusign Jwt Scope
+     *
+     * @var string|null
+     */
+    protected $jwt_scope;
+
     /**
      * Container for all instantiated api objects
      * @var array
@@ -599,35 +620,32 @@ class Client
     public function __construct(array $params = [])
     {
         $this->host = $params['host'] ?? null;
-        $this->username = $params['username'] ?? null;
-        $this->password = $params['password'] ?? null;
+        $this->auth_server = $params['auth_server'] ?? 'account-d.docusign.com';
+        $this->jwt_scope = $params['jwt_scope'] ?? "signature impersonation";
         $this->integrator_key = $params['integrator_key'] ?? null;
+        $this->impersonated_user_id = $params['impersonated_user_id'] ?? null;
+        $this->private_key = $params['private_key'] ?? null;
     }
 
     /**
-     * REQUIRED $options ['username' => $username, 'password' => $password, 'integrator_key' => $key]
+     * REQUIRED $options ['impersonated_user_id' => $impersonated_user_id, 'private_key' => $private_key, 'integrator_key' => $key]
      *
-     * OPTIONAL $options ['host' => $host]
+     * OPTIONAL $options ['host' => $host, 'auth_server' => $auth_server, 'jwt_scope' => $jwt_scope ]
      *
      * @param array $options
      * @return Configuration
      */
     public function createConfiguration(array $options = []): Configuration
     {
-        foreach (['username', 'password', 'integrator_key'] as $requiredKey) {
+        foreach (['impersonated_user_id', 'integrator_key', 'private_key'] as $requiredKey) {
             if (empty($options[$requiredKey])) {
                 throw new \InvalidArgumentException(
                     "Cannot create configuration. [$requiredKey => \$value] is missing or empty"
                 );
             }
         }
 
-        return (new Configuration)->setHost($options['host'] ?? $this->host)
-            ->addDefaultHeader('X-DocuSign-Authentication', \json_encode([
-                'Username'      => $options['username'],
-                'Password'      => $options['password'],
-                'IntegratorKey' => $options['integrator_key']
-            ]));
+        return (new Configuration)->setHost($options['host'] ?? $this->host);
     }
 
     /**
@@ -636,10 +654,12 @@ public function createConfiguration(array $options = []): Configuration
     public function getConfiguration(): Configuration
     {
         return $this->createConfiguration([
-            'username'       => $this->username,
-            'password'       => $this->password,
-            'integrator_key' => $this->integrator_key,
-            'host'           => $this->host
+            'impersonated_user_id' => $this->impersonated_user_id,
+            'private_key'          => $this->private_key,
+            'integrator_key'       => $this->integrator_key,
+            'host'                 => $this->host,
+            'auth_server'          => $this->auth_server,
+            'jwt_scope'            => $this->jwt_scope,
         ]);
     }
 
@@ -699,8 +719,6 @@ public function __call($method, $args)
         }
 
         return $docusignModel;
-
-
     }
 
     /**
@@ -733,25 +751,40 @@ public function __get($name)
     public function authenticate(): self
     {
         if (!$this->authenticated || !isset($this->account_id)) {
-            $accounts = $this->authentication->login();
-            $login_accounts = $accounts->getLoginAccounts();
-            $account = $login_accounts[0];
+            $accounts = $this->login();
+            $account = $accounts[0];
             $this->account_id = $account->getAccountId();
-            $base_url = $account->getBaseUrl();
-            $base_url = strtolower(substr($base_url, 0, strpos($base_url, '/restapi') + 8));
-            // If the host has changed, update host on client config
-            if ($this->host !== $base_url) {
-                $this->host = $base_url;
-                // Reset API's
-                $this->_api_container = [];
-            }
         }
 
         $this->authenticated = true;
 
         return $this;
     }
 
+    /**
+     * Get JWT auth by RSA key
+     */
+    public function login()
+    {
+        $this->client->getOAuth()->setOAuthBasePath($this->auth_server);
+
+        try {
+            $response =  $this->client->requestJWTUserToken(
+                $this->integrator_key,
+                $this->impersonated_user_id,
+                $this->private_key,
+                $this->jwt_scope,
+                $this->jwt_expiry,
+            );
+        } catch (\Throwable $th) {
+            throw $th;
+        }
+
+        $access_token = $response[0]->getAccessToken();
+
+        return $this->client->getUserInfo($access_token)[0]->getAccounts();
+    }
+
     /**
      * @param string $account_id
      * @return $this
@@ -777,7 +810,7 @@ public function isAuthenticated(): bool
      */
     public function getAccountId(): string
     {
-        if (null === $this->account_id) {
+        if ($this->account_id === null) {
             $this->authenticate();
         }