Our product is a Desktop application that our clients use for loan servicing. We have integrated DocuSign using the legacy username/password authentication method. Our customers each have their own login and they will send loan documents out to their clients to sign from our application. This application as mentioned above is a stand alone desktop app.
Since DocuSign is ending support for the legacy authentication soon, could someone please tell me what OAuth 2.0 authentication method we need to use to migrate to.
By looking at the roadmap at the following link, it looks like we need to use Implicit Grant but I'm not sure. Authentication roadmap
Thank you very much!
I haven't tried anything yet as I'm still confused about what authentication method I need to use. According to the following link, you can use Authorization Code Grant to authenticate if:
The first point above describes our integration as our users have their own Docusign accounts but our integration is not hosted on server and has no web browser being used either. Authorization Code Grant:
Reading this I think you need to use Auth Code Grant. This will enable your users to login as well as be the most secure method.
The only security tricky part is that you need to have your client secret stored on the client/desktop in your case. That is a security risk, and if you distribute your product in a public fashion, you may want to build your own API for the authentication service, assuming you have some sort of server infrastructure you can leverage for your product.
Otherwise, yes, you can use implicit grant, which does not require any secret to be stored on the client, but it is not as a secure as Auth Code Grant.