pprasaduniveris-com | Posts: 5

User Credentials in Callback Event

Thursday, July 27, 2017 at 06:37am
0 votes
Hello Folks We have a requirement to authenticate the callback requests using a system user before we can process the callback. Apart from the callback key solution where we would have to combine username/password encrypted string, is there a way where esignlive would accept username and password separately from us, store it in encrypted form and send it along with the callback event? Thanks
harishaidary | Posts: 1812

Reply to: User Credentials in Callback Event

Friday, July 28, 2017 at 05:09am
0 votes
Hi Prahalad. Unfortunately that is not possible. You're only option to authenticate callbacks is to use the callback key, which sent from esignlive in the Authorization header.
srik | Posts: 2

Reply to: User Credentials in Callback Event

Monday, August 27, 2018 at 03:40pm
0 votes
Hi, We are also having the same situation. The callback url requires both basic auth param as well as x-api key for the url to work. So , is it only possible to pass basic auth param as the Callback key ? Thanks Srikanth
Duo_Liang | Posts: 3776

Reply to: User Credentials in Callback Event

Tuesday, August 28, 2018 at 09:30am
0 votes
Hi Srikanth, I believe the callback key is the only way to pass credentials in callback notification. But you can always combine your parameters(auth param and x-api key) into one string and encrypt the string and decrypt them from the request header. Hope this could help you! Duo
srik | Posts: 2

Reply to: User Credentials in Callback Event

Tuesday, August 28, 2018 at 03:19pm
0 votes

Thanks Dou. But this forum link https://community.onespan.com/forum/callback-failing says that callback key texbox = key value in the Authorization : Basic [ key] . So in my case the callback url has 2 Auth headers , one header being in the Authorization : Basic [Key] and the other header being X-API-KEY : [key] . Please advise

Duo_Liang | Posts: 3776

Reply to: User Credentials in Callback Event

Wednesday, August 29, 2018 at 05:54am
0 votes
Hi Srikanth, As we discussed above, the only parameter OneSpan Sign can pass to you through callback notification is the "Authorization" attribute in the Request Headers. Here's the Spring MVC code I tested: 
	
       @PostMapping("/callback")
	public String video(@RequestBody String body, @RequestHeader HttpHeaders headers) {
		System.out.println("receive a request...");
		System.out.println(headers.get("Authorization"));
		System.out.println(body.toString());
		
		return "index";
	}
This the what printed in the console: 
receive a request...
[Basic callbackKey]
{"@class":"com.silanis.esl.packages.event.ESLProcessEvent","name":"PACKAGE_CREATE","sessionUser":"18EZDL44xgsX","packageId":"MCZ48z0FyrO3NYLgqBOXvMNmYGY=","message":null,"documentId":null,"createdDate":"2018-08-29T14:44:16.945Z"}
So I think it's impossible for you to set two parameters in Request Headers and verify the request directly. But you can combine and pass these two values in "Authorization". Please let us know if this works for you. Duo

Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off

LoginSign Up