Could not create a signer authentication token

Hi Zakir,

Thanks for your post! After a quick check in backoffice, the package ID matches with the role ID (the signerId field), and the code looks good to me. Just a quick question, is this parameter "requestObj.SignerId" refers to the same string "92d9bc18-61c0-4518-ad54-ee339d94f848", and the _ossClient refers to the same instance?

Generally speaking, this error message "Unexpected character encountered while parsing value: <. Path '', line 0, position 0." caused because the API returns an HTML format response(starting with <html>), instead of the expected JSON format. Hence it also could be a more general connection or proxy issue.

From troubleshooting's perspective, I would suggest to invoke both of these two functions side by side and observe if one failed while one succeeded:

string signingUrl = _ossClient.PackageService.GetSigningUrl(packageId, requestObj.SignerId);  

string signerAuthToken = _ossClient.AuthenticationTokenService.CreateSignerAuthenticationToken(packageId, requestObj.SignerId); 

Duo

Hi Duo,

Thanks for your quick response, it was a typo (requestObj.SignerId, it is something which I was receiving from client side, but both were having same signerId) from my side which I missed to update while posting it yesterday. 

Just to have a better clarity, I bypassed client request and hard-coded the values for testing.    

OssClient: It is same instance.

I was actually trying this one as below

            PackageId packageId = new PackageId("9ZK_9ixxxKjDs=");
            string signerId = "92d9bc18-61xxx4f848";
            var signingUrl = _ossClient.PackageService.GetSigningUrl(packageId, signerId);
            string signerAuthToken = _ossClient.AuthenticationTokenService.CreateSignerAuthenticationToken(packageId, signerId);
            return $"https://sandbox.esignlive.com/access?sessionToken={signerAuthToken}";

I receive response only for signingUrl as below

var signingUrl = _ossClient.PackageService.GetSigningUrl(packageId, signerId);

https://sandbox.esignlive.com/authentication?target=https%3A%2F%2Fsandbox.esignlive.com%2Ftransaction%2F9ZK_9isXgNxxxFK283QWYwYw%3D%3D

But, I am getting the same exception, which I reported yesterday for this code

 string signerAuthToken = _ossClient.AuthenticationTokenService.CreateSignerAuthenticationToken(packageId, signerId);

My internet set up is not behind any proxy or VPN.   If it was any kind of proxy issue, then I think it should fail for both calls, it is working with first, but throwing exception when retrieving signerAuthToken.

Regards,

Zakir

Hi Zakir,

Thanks for the information! I have this guess - are you specifying "/api" at the end of the API_URL, like below?

string API_URL = "https://sandbox.esignlive.com/api";

OssClient _ossClient = new OssClient(API_KEY, API_URL);

Duo

My settings look like below and not appending '/api"

  "OneSpan": {
    "ApiKey": "",
    "AppUrl": "https://sandbox.esignlive.com"
  },

I see, then it could be the cause of the issue. Let me know if this works for you after adding the "/api" at the end.

Duo

Hi Duo,

Thank you very much, it works after adding "/api".  I don't know how I missed it.  I am getting both the signingURL as well as signer authentication token.  This works only when I hardcode the signerID value as per the code snippet in the above thread.   I picked the SignerID while browsing "https://sandbox.esignlive.com/".  I have attached the screenshot for your reference.

I still have couple of questions

1) Why RoleID is returned and not the SignerID, with this code below.   Is there a better way for retrieve the signerID ?

var packages = _ossClient.PackageService.GetPackages(DocumentPackageStatus.SENT, packages.NextRequest);
var filteredPackages = packages.Results.Where(p => p.Signers.Any(s => s.Email.Equals(email))).ToList();

foreach (DocumentPackage p in filteredPackages)

{
     var signer = p.Signers.SingleOrDefault(s => s.Email.Equals(email));

     // here signer.Id returns RoleID and not the signerID ?

}

I am doing the above to filter and show documents specific to a signer.

2)  Which is the better approach for signingURL
 a) https://sandbox.esignlive.com/access?sessionToken={signerAuthToken}", or
 b) https://sandbox.esignlive.com/authentication?target=https%3A%2F%2Fsandbox.esignlive.com%2Ftransaction%2F9ZK_9isXgNxxxFK283QWYwYw%3D%3D

Regards,

Zakir

Hi Zakir,

Yeah, it's a known limitation that the SDK was designed to only expose role ID, while still some functions requires to input Signer ID...

This can be worked around if you are creating the transaction via code, and to specify .CustomId() while adding the signer.

If you can't specify the role ID and signer ID during the package creation, then you could only use signer authentication token because the function also accepts to directly use the signer's email as an input parameter:

string signerAuthToken = _ossClient.AuthenticationTokenService.CreateSignerAuthenticationToken(packageId, "[email protected]"); 

NOTE: it's only applicable when there's no multiple signers sharing the same email

In terms of the differences between signing URL and a URL build out of signer authentication token:

1. A “loginToken” is less secure and therefore requires more stringent authentication than an “authenticationToken”. If you have configured an Authentication Method (SMS/Q&A/KBA) for your signer and you want this process to validate your signer before his/her getting access to signing ceremony, you would choose to use Signing URL.

On the other hand, if you get access to the URL through the Authentication Token, there won’t be an authentication process, because the “authentication token” itself means you have already authenticated your signer by other ways.

2. The signing URL will not expire. It’s the same link as the one you obtained from the email notification OneSpan Sign sent to signers, while signer authentication token expires in 30 minutes.

Duo