Develop Reference

How to use SMS-Authentication in DocuSign

I'm trying to implement the SMS authentication with the aid of the DocuSign-SDK library.
var signer = new Signer {...};
signer.RequireIdLookup = "true";
signer.IdCheckConfigurationName = "SMS Auth $";
signer.SmsAuthentication = new RecipientSMSAuthentication {
SenderProvidedNumbers = new List<string> {
"0171*******"
}
};
When I try to send this envelope to the DocuSign API it will reply with the following error message:
Error calling CreateEnvelope:
{"errorCode":"INVALIDAUTHENTICATIONSETUP","message":"Recipient phone
number is invalid. Phone number for SMS Authentication: provided is
invalid. }
INVALIDAUTHENTICATIONSETUP: Authentication is not setup correctly for the recipient.
Is there something I have to enable on the DocuSign Admin page? I couldn't find any feature or something like that I need to enable.
Did I implement it the wrong way? Maybe someone can give me some suggestions.
Thanks
BTW: The given phone number should be valid.
EDIT:
When I'm using the new method as #Inbar wrote, I can't get the needed workflowId from the AccountsApi.
var client = new ApiClient(ApiClient.Demo_REST_BasePath);
var token = "eyJ1...";
client.Configuration.DefaultHeader.Add("Authorization", "Bearer " + token);
var accountsApi = new AccountsApi(client);
var response = accountsApi.GetAccountIdentityVerification(accountId);
var result = response.IdentityVerification; // Is empty. Why?
It seems that I have no IdentityVerification options which I can use for the authentication.
How can I enable such IdentityVerification options?
Or what else do I need to pay attention to?

Your code is using the older method, the new method code is provided in GitHub, I'll post it here too. You can find the article on Dev Center.
string workflowId = phoneAuthWorkflow.WorkflowId;
EnvelopeDefinition env = new EnvelopeDefinition()
{
EnvelopeIdStamping = "true",
EmailSubject = "Please Sign",
EmailBlurb = "Sample text for email body",
Status = "Sent"
};
byte[] buffer = System.IO.File.ReadAllBytes(docPdf);
// Add a document
Document doc1 = new Document()
{
DocumentId = "1",
FileExtension = "pdf",
Name = "Lorem",
DocumentBase64 = Convert.ToBase64String(buffer)
};
// Create your signature tab
env.Documents = new List<Document> { doc1 };
SignHere signHere1 = new SignHere
{
AnchorString = "/sn1/",
AnchorUnits = "pixels",
AnchorXOffset = "10",
AnchorYOffset = "20"
};
// Tabs are set per recipient/signer
Tabs signer1Tabs = new Tabs
{
SignHereTabs = new List<SignHere> { signHere1 }
};
string workflowId = workflowId;
RecipientIdentityVerification workflow = new RecipientIdentityVerification()
{
WorkflowId = workflowId,
InputOptions = new List<RecipientIdentityInputOption> {
new RecipientIdentityInputOption
{
Name = "phone_number_list",
ValueType = "PhoneNumberList",
PhoneNumberList = new List<RecipientIdentityPhoneNumber>
{
new RecipientIdentityPhoneNumber
{
Number = phoneNumber,
CountryCode = countryAreaCode,
}
}
}
}
};
Signer signer1 = new Signer()
{
Name = signerName,
Email = signerEmail,
RoutingOrder = "1",
Status = "Created",
DeliveryMethod = "Email",
RecipientId = "1", //represents your {RECIPIENT_ID},
Tabs = signer1Tabs,
IdentityVerification = workflow,
};
Recipients recipients = new Recipients();
recipients.Signers = new List<Signer> { signer1 };
env.Recipients = recipients;

I've created a new developer account on DocuSign and created a small test app in order to request identity verification options. Fortunately, that was working now and I got all available options but I do not understand why this is not working for my other developer account ("old").
When I compare both accounts I don't see the "Identity Verification" setting in the "old" account.
It is possible to activate this "Identity Verification" setting for my "old" dev account?
I guess that enabling this feature would solve the problem.
EDIT:
Ok, I've solved the problem.
I figured out that no IDV was configured for my developer account. In that case, the identity_verification call will return an empty array.
see: https://developers.docusign.com/docs/esign-rest-api/how-to/id-verification/
Also, I have read the following note in the DocuSign documentation:
Note: Phone authentication may not be enabled for some older developer
accounts. If you cannot choose to use phone authentication for your
account, contact support to request access. see:
https://developers.docusign.com/docs/esign-rest-api/esign101/concepts/recipients/auth/#id-verification-idv
So I contacted DocuSign support and they give me access to the IDV accordingly.
Now it is working fine.

Cant create user over Graph API in Azure AD B2C property not present

Currently trying to create a user in a Azure AD B2C over the Graph API but keep getting following error: (I did not delete the property name between the '' there is none...)
Code: Request_ResourceNotFound
Message: Resource '' does not exist or one of its queried reference-property objects are not present.
Inner error:
AdditionalData:
date: 2021-10-12T11:22:34
request-id: f45d65b3-61b1-492c-b6cb-fc43bb3805dd
client-request-id: f45d65b3-61b1-492c-b6cb-fc43bb3805dd
ClientRequestId: f45d65b3-61b1-492c-b6cb-fc43bb3805dd
Following Code is used to create the User
IDictionary<string, object> extensionInstance = new Dictionary<string, object>();
extensionInstance.Add($"extension_{AadB2CConfiguration.ExtensionsID}_GUID", guid);
new User
{
DisplayName = username,
AccountEnabled = true,
Identities = new List<ObjectIdentity>
{
new ObjectIdentity()
{
SignInType = valueSignInType,
Issuer = AadB2CConfiguration.TenantId,
IssuerAssignedId = username,
}
},
PasswordPolicies = valuePasswordPolicies,
PasswordProfile = new PasswordProfile()
{
Password = password,
ForceChangePasswordNextSignIn = false,
}
,AdditionalData = extensionInstance
};
GraphClient Method
public static Microsoft.Graph.GraphServiceClient GraphClient
{
get
{
var app = ConfidentialClientApplicationBuilder.Create(AadB2CConfiguration.ClientId)
.WithClientSecret(AadB2CConfiguration.ClientSecret)
.WithAuthority(AadB2CConfiguration.AadB2cGraphAuthority)
.Build();
string[] scopes = new string[] { AadB2CConfiguration.GraphScope };
var token = app.AcquireTokenForClient(scopes).ExecuteAsync().Result;
Microsoft.Graph.GraphServiceClient graphClient = new Microsoft.Graph.GraphServiceClient(AadB2CConfiguration.GraphBaseUrl, new Microsoft.Graph.DelegateAuthenticationProvider(async (requestMessage) =>
{
requestMessage.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("bearer", token.AccessToken);
}));
return graphClient;
}
The User will then be created via the GraphClient
User result = await GraphClient.Users.Request().AddAsync(newUser);
return ResponseMessage(result);
How can I find out which property is not present?

Check that AadB2CConfiguration.ExtensionsID is correct, it should be the application (client) ID of the application the GUID extension property was created against with the - removed.
If it's wrong, and so Graph can't find the application, then you'll get the error Resource '' does not exist or one of its queried reference-property objects are not present.

AD B2C Keep Password from Expiring on New User

We're trying to create a user in Azure AD B2C (cloud tenant, not local) via the C# library. I cannot log in with the new user; it's saying the password has expired. From the AD B2C Sign-in log:
However, I'm creating them with password expiration disabled like so:
PasswordProfile passwordProfile = GetPasswordProfile(password);
var newB2cUser = new User
{
Id = id,
MailNickname = id,
UserPrincipalName = $"{id}#{tenant}",
GivenName = claims.FirstName,
Surname = claims.LastName,
DisplayName = displayName,
AccountEnabled = true,
PasswordProfile = passwordProfile,
PasswordPolicies = "DisablePasswordExpiration,DisableStrongPassword",
Identities = new List<ObjectIdentity>
{
new ObjectIdentity
{
SignInType = "emailAddress",
IssuerAssignedId = claims.Email,
Issuer = tenant
}
}
};
User createdB2cUser = await this.GraphServiceClient.Users.Request().AddAsync(newB2cUser);
...and with the password profile created like this:
private static PasswordProfile GetPasswordProfile(string password)
{
var passwordProfile = new PasswordProfile
{
Password = password,
ForceChangePasswordNextSignIn = false,
ForceChangePasswordNextSignInWithMfa = false
};
return passwordProfile;
}
We've used code like the above to create users all the time that need to reset their password on login. Now we need to create a user with a preset password that won't immediately expire (e.g., seeding a test environment). I added what I thought were the correct password policies and password profile above. What's going on?

I can see nothing wrong with the code sample you provided. But did you try achieving the same goal using Graph API directly? Just to understand what is going on and where the fault may be. You can use GraphExplorer: https://developer.microsoft.com/en-us/graph/graph-explorer
Invoke a POST request to the https://graph.microsoft.com/v1.0/users endpoint with the similar JSON to see whether you face the same issue.
{
"id": "fcaba916-17b0-4d88-84ea-03371d55067a",
"mailNickname": "MelissaD",
"userPrincipalName": "MelissaD#contoso.onmicrosoft.com",
"givenName": "Melissa",
"surname": "Darrow",
"displayName": "Melissa Darrow",
"accountEnabled": true,
"passwordPolicies": "DisablePasswordExpiration,DisableStrongPassword",
"passwordProfile": {
"password": "da413e48-180d-1945-6025-d7e5947711ed",
"forceChangePasswordNextSignIn": false,
"forceChangePasswordNextSignInWithMfa": false
},
"identities": [
{
"signInType": "emailAddress",
"issuer": "yourissuer",
"issuerAssignedId": "email"
}
]
}
Try to simulate the request body exactly as Graph Client does to know what is going on behind the scenes.

Microsoft Graph API inaccurate error message

I'm trying to add users in an Azure AD B2C using the Microsoft Graph API. My code works just fine when I add a User, but I tried to add it a second time with the same info given to the API (mail, names, etc...) and expected an error like
User already exists
or something similar.
My API call is done like this :
var result = await graphClient.Users.Request().AddAsync(new User()
{
AccountEnabled = true,
Mail = "example#example.onmicrosoft.com",
MailNickname = "example",
UserPrincipalName = "example#example.onmicrosoft.com",
Surname = "TEST",
DisplayName = "test",
GivenName = "TEST test",
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = true,
Password = "tmpPwd"
}
});
Keeping in mind that my first call correctly add the user to the AD, why the API would return me this message :
Microsoft.Graph.ServiceException : 'Code: Request_BadRequest
Message: One or more properties contains invalid values.
Thank you in advance.

According to the document Create the user using the below property without mail .so that when a user has already existed then you will get the error as below
Code: Request_BadRequest
Message: Another object with the same value for property userPrincipalName already exists.
code:
var result = await graphClient.Users.Request().AddAsync(new User()
{
AccountEnabled = true,
MailNickname = "example",
UserPrincipalName = "example665#XX.live",
Surname = "TEST",
DisplayName = "test",
GivenName = "TEST test",
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = true,
Password = "password#1234"
}
});
Console.WriteLine(JsonConvert.SerializeObject(result));
}
Using additional property may change the error context as you are receiving currently

IdentityServer3 connect/token endpoint always return 401: unauthorized

I am trying to setup IdentityServer3 for my project.
When I run IdentityServer3 on local development machine it works all fine, but when I host it on the shared server I get a 401 error. I am trying to access token using endpoint connect\token. Here is the configuration for identityserver3
IdentityServerOptions identityServerOptions = new IdentityServerOptions
{
SiteName = "Ripple IdentityServer",
SigningCertificate = LoadCertificate(),
AuthenticationOptions = new IdentityServer3.Core.Configuration.AuthenticationOptions
{
EnablePostSignOutAutoRedirect = true,
},
LoggingOptions = new LoggingOptions
{
EnableWebApiDiagnostics = true,
WebApiDiagnosticsIsVerbose = true,
EnableHttpLogging = true,
EnableKatanaLogging = true
},
Factory = factory,
};
The strange thing is I am not getting any logs. I know the logs are working because when I access the connect/authorize endpoint, I can see log information. Here is my client registration
client = new Client
{
ClientId = app.Id,
ClientName = app.Name,
Flow = Flows.ResourceOwner,
AllowedScopes = app.AllowedScopes.Split(';').ToList(),
AllowedCorsOrigins = new List<string> { "*" }
};
if (app.Secret != null && app.Secret != "")
{
client.ClientSecrets = new System.Collections.Generic.List<Secret>();
app.Secret = app.Secret.Replace("{", "").Replace("}", "");
string[] secrets = app.Secret.Split(',');
foreach (var s in secrets)
{
client.ClientSecrets.Add(new Secret(s.Sha256()));
}
}
Here is the client code to get access token
var data = new StringContent(string.Format("grant_type=password&username={0}&password={1}&Domain={2}&scope={3}",
HttpUtility.UrlEncode(username),
HttpUtility.UrlEncode(password),
HttpUtility.UrlEncode(domainId),
HttpUtility.UrlEncode(requiredScope)), Encoding.UTF8, "application/x-www-form-urlencoded");
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue(
"Basic",
Convert.ToBase64String(
System.Text.ASCIIEncoding.ASCII.GetBytes(
string.Format("{0}:{1}", applicationId, appSecretKey))));
HttpResponseMessage response = client.PostAsync("connect/token", data).Result;
Without logs, I am totally lost. Where should I look for more information to debug?

Found solution. Shared hosting like godaddy did not support Basic authentication. So request to access token was getting rejected on server level. That was the reason why no log file was not are getting generated.
To work around this problem, I have to implement my own version on ISecretParser. In this implementation i parsed of my own authentication header
e.g. Authentication MyAuth ClientID:ClientSecret
Then register this parser with IdentityServerServiceFactory and it worked like charm.
I hope this solution will help others who are trying to host IdentiyServer3 on shared servers.