shana_lajoie

Session Token

0 votes
Hi, I'm a little confused on the Signer Session. Right now, we created the package and then get the url via the GetSigningUrl via the PackageService. What I undestand : When the user go to the the url authenticate itself (via the question/answerm or the sms), the session is created automatically and will expire after 20 minutes. The url remains active until the transaction expired. About the session token. I am able to get the token from the transaction, after invoking the CreateSession(..). When I am trying to go the the url : https://sandbox.e-signlive.com/access?sessionToken= directly from the browser; I get "Unauthorized AccessYour authenication token was incorrect.". (*Instead of =

Approved Answer

Reply to: Session Token

1 votes
Ah yes, you are indeed correct. I forgot about that call. Here's an example on our github page :) https://github.com/eSignLive/esl.sdk.net/blob/3eee62712b3a92b5560f29f5354d7c4eee1336f9/sdk/SDK.Examples/src/SigningRedirectForSignerForSingleUseExample.cs
Haris Haidary OneSpan Technical Consultant

Reply to: Session Token

0 votes
Hi Shana, The signing url is the same url as in the email notification you receive to sign documents. When accessing a package using the signing url, the application assumes you are remote. Therefore, if you have set any authentication (SMS/Q&A), it will be enabled. Finally, the signing url does not expire. The signer can always access the package so long as the package isn't in draft. As for session tokens, they expire after 30 mins and can be used multiple times within that time frame. However, if you've set any authentication (SMS/Q&A), it will be bypassed. To create a signing session using signer authentication tokens, you'll need to do the following:
string signerAuthToken = eslClient.AuthenticationTokenService.CreateSignerAuthenticationToken(packageId, signerId);
And build the following url: https://sandbox.e-signlive.com/access?sessionToken={signerAuthenticationToken} Hope this helps.
Haris Haidary OneSpan Technical Consultant

Reply to: Session Token

0 votes
Hi, I undestand better. So, when i create the SignerAuthentificationToken, I will be able to acess the url en sign the document, bypassing the Q/A/SMS. Will I still need to create the session before that, no ? If the answer is no : when is is best to use the sessionToken and when is it best to use the SignerAuthentificationToken ? Thank you very much for you time,

Reply to: Session Token

0 votes
Once you've accessed the package using a signer authentication token, the session is created for you. Hence, it really boils down to two methods to create a signing session: 1. Retrieve the signing url 2. Create a signer authentication token and build https://sandbox.e-signlive.com/access?sessionToken={signerAuthenticationToken} I believe the CreateSession() method is an old call and it is now deprecated.
Haris Haidary OneSpan Technical Consultant

Reply to: Session Token

0 votes
Is there a equivalent Signer token that cannot be use multiple time? Now I am using the CreateSignerAuthenticationToken. I would like a signer Authentication token that is single use, (stillbypassing the Q/A/SMS) . Is that possible ?

Reply to: Session Token

0 votes
Not with the out of the box SDK unfortunately. You will need to make a REST API call to create a single use signer token: http://docs.esignlive.com/content/c_integrator_s_guide/rest_api/authentication_tokens.htm Note that the SDK is open source. Hence, you can always make changes to it and modify to point the CreateSignerAuthenticationToken() call to be single use.
Haris Haidary OneSpan Technical Consultant

Reply to: Session Token

0 votes
But in the authentication service in the SDK, I see the CreateSignerAuthenticationTokenForSingleUse function who takes three parameters :
public string CreateSignerAuthenticationTokenForSingleUse(Silanis.ESL.SDK.PackageId packageId, string signerId, System.Collections.Generic.IDictionary fields)
Could I use this one, are you aware of it ? Thank you, :)

Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off