This topic contains 13 replies, has 2 voices, and was last updated by  Duo_Liang 1 week, 3 days ago.

  • Author
    Posts
  • Participant
    nehme
    Senior Member
    Member since: 23.07.2018
    Number of posts: 101

    Hello,

    I have generated the below esignlive token, but when trying to access it, getting this message “Your authentication token has expired. Tue Oct 09 15:54 UTC”.

    I can access the package from esignlive portal but not from the generated URL. Can you please give me more details about the problem happened.

    This is the generated URL:
    https://sandbox.esignlive.com/access?sessionToken=NDEzMDAzxxxxxxxxxxxxxxxxxxxxxx

    Thanks,
    Nehme

    • This topic was modified 1 week, 5 days ago by  Duo_Liang.
    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 398

    Score

    0

    Hi nehme,

    Can you share the SDK function you are using to generate this session token? As per our guidance:
    An authentication token is used to obtain a valid session for a particular user of the system. There’re four kinds of authentication tokens: userAuthToken, senderAuthToken, signerAuthToken and singleUseSignerAuthToken. And among these tokens, all of them are single-use except signerAuthToken.

    So it’s highly possible that your token is just for single use and that’s why after that you receive an “authentication token has expired” error.

    Hope this could help you!
    Duo


    Duo Liang
    OneSpan Junior Technical Evangelist
    Participant
    nehme
    Senior Member
    Member since: 23.07.2018
    Number of posts: 101

    Score

    0

    Hello Duo,

    I am using CreateSignerAuthenticationToken to create the URL.

    Thanks,
    Nehme

    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 398

    Score

    0

    Hi nehme,

    In this case, tokens generated by “CreateSignerAuthenticationToken()” are for multiple use. And from my test, it works at my side.
    So can you provide with your package ID? And is there anything special about this package? If so, can you try a most common package and generate token again?

    Duo


    Duo Liang
    OneSpan Junior Technical Evangelist
    Participant
    nehme
    Senior Member
    Member since: 23.07.2018
    Number of posts: 101

    Score

    0

    Hello Duo,

    This is the packageId : qO-AotBeQim7fLffwhOzXQCP9qo=

    Thanks,
    Nehme

    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 398

    Score

    0

    Hi nehme,

    Just few more questions for you.
    Can you get access through the combined link immediately after you generate the signer authentication token? And have you modified your session expiry timeout in your account level? Because authentication token shares the session expiry timeout in your account setting, by default it’s a 30 minutes.
    And can you also have a try onCreateSignerAuthenticationTokenForSingleUse() function?

    Duo


    Duo Liang
    OneSpan Junior Technical Evangelist
    Participant
    nehme
    Senior Member
    Member since: 23.07.2018
    Number of posts: 101

    Score

    0

    Hello Duo,

    Yes I was able to access other generated URLs directly after generating them and access them in iFrame.

    I can not use CreateSignerAuthenticationTokenForSingleUse(), because if in a problem case the client close the browser, so I will be able to send him the already generated link again.

    Where I can check the session expiry timeout in your account setting in sandbox portal?

    Thanks,
    Nehme

    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 398

    Score

    0

    Hi nehme,

    That’s a setting in our backend system, you can check it by contacting our support team at sign.support@onespan.com.

    So does it boil down into that, you want to handle the situation when your signing session is expired? Because I just made a blog about this: Session Expiry in an iFrame, where you can find out how to notify your parent window and let your program take control of the workflow.

    Hope this could help!
    Duo


    Duo Liang
    OneSpan Junior Technical Evangelist
    Participant
    nehme
    Senior Member
    Member since: 23.07.2018
    Number of posts: 101

    Score

    0

    Hello Duo,

    Thanks for your answer. I will check it and get back to you.

    I am currently using esl.sdk.net.11.15, is it a good idea to upgrade to esl.sdk.net.11.19? What is the new features added in esl.sdk.net.11.19? Where I can find the release note for esl.sdk.net.11.19?

    Thanks,
    Nehme

    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 398

    Score

    0

    Hi nehme,

    Here’s the release note. The main new added features in recent few releases are: enforce Siganture at approval level, optional signature, etc.

    And yes, it’s always recommended to upgrade to the latest SDK version to avoid missing any new added features.

    Hope this could help!
    Duo


    Duo Liang
    OneSpan Junior Technical Evangelist
    Participant
    nehme
    Senior Member
    Member since: 23.07.2018
    Number of posts: 101

    Score

    0

    Hello Duo,

    Just clarification, so after the 30 minutes the sign URL will expire? So what is the solutions? I have an example, suppose the client I generate the sign URl inside iFrame, the client kept the iFrame open for more than 30 minutes whichout signing, so what is the best solution to avoid this situation. Becuase while generating the sign url, I inject many fields so it is a complex process to regenerate the URL again, What is the best practice in this case.

    Thanks
    Nehme

    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 398
    Approved answer

    Score

    0

    Hi nehme,

    Sorry for the confusion, I will clarify this in a detailed manner. Because there are few concepts I need to explain to you first.

    1. Session Expiry vs Authentication Token Expiry
    They are two different concepts and you can set the timeout of them separately (by default they are both 30 minutes)
    The reason why your combined url get expired is because you were using authenticationToken to generate the url, the token expired in 30 minutes that why the url is no longer valid.
    To avoid this, you have two options: either increase your authentication token expiry timeout(which I won’t recommend) or you can directly generate a signing url to get access to signing ceremony.

    2.Signing Url
    In .Net SDK, you can generate signing url directly by this function:

    eslClient.PackageService.GetSigningUrl(new PackageId("package id"), "signer id"); // in this case, signer id can't be replaced by email

    as commented, in this case, you can’t input email as signer id in this function due to the SDK design. So I guess a custom ID to synchronize role id and signer id is a MUST if you want to use this function.
    The signing url looks like this:

    Signing url: https://sandbox.esignlive.com/auth?target=https%3A%2F%2Fsandbox.esignlive.com%2Ftransaction%2F0q5SoDJjyLpD3wspCHTlZlQkTCk%3D%2Fsign&loginToken=UXNpazRSN3NQRGJ0Y0dwT3ZYTEQrd2ppSWlLMlR3SzI2ZzFQQ3k1ckVzQUJ2NkJxSkc0NVRDcmRiekozdUEvdmdhUlN4R2FRekdMMkdOcGV3OWJrZFd4VFluSkNPVWN4ZDBrMFRFTnVObEl6YlVGcVVEZzFjMFpoUmxGTVpEbHpkVVJKYUZNemRYWk9ZMlpVZURZMWMzTnJjVU16UVVsRGRqaFpSalpQTjNxY0wxOGpWc2JENU1vQ2JLZVZiM2FNYVlJLy9HaTdLemFnMWY1VHAzT3padz09
    

    As you can noticed, signing url used a “loginToken” to combine the link. So what’s different? #1, this link won’t expire, you can simply understand it’s the same link as the one you get from email notification OneSpan Sign will send to signers. #2, only through this link, authentication method validating signer will be available. On the other hand, if you get access from the url combined by authentication token, you won’t have this authentication process.

    3. Session Expiry during signing ceremony
    As we discussed above, your session expiry is different from your authentication token expiry. There’re two sessions available, sender session and signer session. For Sender session timeout, it’s to control the idle time when you operating as a sender at the Web UI Dashboard or when you in the Designer UI. For Signer session timeout, it’s to control the time when signer doing the signing ceremony, they will get a expired error message as the attachment shows(and the connection session will get expired) of no activity to prevent too long time idle connection. To get back to the connection, they can simply refresh the page to recover the session. But in the iFrame scenario, you need to handle this because once signer receive this error, if they directly refresh the page, they will get reconnected, but if they do some other operations like click buttons or browse forward document, they will trigger the redirect url and take control from your parent window. So you can refer to my blog to have this issue handled.

    Hope this could help!
    Duo


    Duo Liang
    OneSpan Junior Technical Evangelist
    Participant
    nehme
    Senior Member
    Member since: 23.07.2018
    Number of posts: 101

    Score

    0

    Hi Duo,

    Thanks for your detailed post. It is perfect for me, I am using now this eslClient.PackageService.GetSigningUrl(new PackageId(“package id”), “signer id”); .

    Thanks again for all the support :):)
    Nehme

    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 398

    Score

    0

    No worries and always welcome to raise questions! 🙂


    Duo Liang
    OneSpan Junior Technical Evangelist

You must be logged in to reply to this topic.