User Credentials in Callback Event

pprasaduniveris-com | Posts: 5

User Credentials in Callback Event

Thursday, July 27, 2017 at 06:37am

Hello Folks We have a requirement to authenticate the callback requests using a system user before we can process the callback. Apart from the callback key solution where we would have to combine username/password encrypted string, is there a way where esignlive would accept username and password separately from us, store it in encrypted form and send it along with the callback event? Thanks

July 27 Created

January 21 Last Updated

7 years ago Last Reply

5 Replies

78 Views

4 Users

0 Likes

0 Links

harishaidary | Posts: 1812

Reply to: User Credentials in Callback Event

Friday, July 28, 2017 at 05:09am

Hi Prahalad. Unfortunately that is not possible. You're only option to authenticate callbacks is to use the callback key, which sent from esignlive in the Authorization header.

srik | Posts: 2

Reply to: User Credentials in Callback Event

Monday, August 27, 2018 at 03:40pm

Hi, We are also having the same situation. The callback url requires both basic auth param as well as x-api key for the url to work. So , is it only possible to pass basic auth param as the Callback key ? Thanks Srikanth

Duo_Liang | Posts: 3777

Reply to: User Credentials in Callback Event

Tuesday, August 28, 2018 at 09:30am

Hi Srikanth, I believe the callback key is the only way to pass credentials in callback notification. But you can always combine your parameters(auth param and x-api key) into one string and encrypt the string and decrypt them from the request header. Hope this could help you! Duo

srik | Posts: 2

Reply to: User Credentials in Callback Event

Tuesday, August 28, 2018 at 03:19pm

Thanks Dou. But this forum link https://community.onespan.com/forum/callback-failing says that callback key texbox = key value in the Authorization : Basic [ key] . So in my case the callback url has 2 Auth headers , one header being in the Authorization : Basic [Key] and the other header being X-API-KEY : [key] . Please advise

Duo_Liang | Posts: 3777

Reply to: User Credentials in Callback Event

Wednesday, August 29, 2018 at 05:54am

Hi Srikanth, As we discussed above, the only parameter OneSpan Sign can pass to you through callback notification is the "Authorization" attribute in the Request Headers. Here's the Spring MVC code I tested:

	
       @PostMapping("/callback")
	public String video(@RequestBody String body, @RequestHeader HttpHeaders headers) {
		System.out.println("receive a request...");
		System.out.println(headers.get("Authorization"));
		System.out.println(body.toString());
		
		return "index";
	}

This the what printed in the console:

receive a request...
[Basic callbackKey]
{"@class":"com.silanis.esl.packages.event.ESLProcessEvent","name":"PACKAGE_CREATE","sessionUser":"18EZDL44xgsX","packageId":"MCZ48z0FyrO3NYLgqBOXvMNmYGY=","message":null,"documentId":null,"createdDate":"2018-08-29T14:44:16.945Z"}

So I think it's impossible for you to set two parameters in Request Headers and verify the request directly. But you can combine and pass these two values in "Authorization". Please let us know if this works for you. Duo