cameronofoluwa | Posts: 15

We're sometimes receiving a 'Failed to validate token.' error

0 votes

We're using OneSpanSDK to generate e-signatures for clients, we're maybe generating ~800 per day. Every now and again a client will receive an

Unauthorized Access
Failed to validate token.

Error message. They seem to be random, and not very frequent, but due to the use-case, we need these to work straight away due to clients being in walk-in-centers and not always having emails we can email out a new link to.

Any suggestions why this may happen?
Thank you in advance.


Duo_Liang | Posts: 3776

Reply to: We're sometimes receiving a 'Failed to validate token.' error

0 votes

Hi Cameron,

 

Thanks for your post! Could you also fill in a support ticket ([email protected]) for your issue?

From your description, it sounds like your application is generating an signer authentication token, and building the signing ceremony link like below:

https://sandbox.esignlive.com/access?sessionToken={signerAuthToken}

The error occurred when signer accessed the link?

There's actually another type of signing URL: https://community.onespan.com/documentation/onespan-sign/guides/feature-guides/developer/creating-signing-session
 

The key difference between the two links are: signer authentication token expires in 15 minutes and the signing URL won't expire.

 

Duo

 


cameronofoluwa | Posts: 15

Reply to: We're sometimes receiving a 'Failed to validate token.' error

0 votes

Hi,

We are using the getSigningUrl(packageId, role.Id) to provide the sign URLs. What else could be causing this issue?


Duo_Liang | Posts: 3776

Reply to: We're sometimes receiving a 'Failed to validate token.' error

0 votes

Hi Cameron,

 

In this case, are you generating a new signing URL every time or did you store the old link? Updating recipient info could be a reason which invalidates the signing URL.

 

Duo


cameronofoluwa | Posts: 15

Reply to: We're sometimes receiving a 'Failed to validate token.' error

0 votes

Hi Duo,

We generate a new signing URL for each package & recipient information will not be updated after this.

As soon as the package has been created and the URL is returned, the client instantly goes in to sign their document.

Thanks,

Cameron


Duo_Liang | Posts: 3776

Reply to: We're sometimes receiving a 'Failed to validate token.' error

0 votes

Hi Cameron,

 

In this case, I would suggest to fill in a support ticket and our support agents will help you check the logs and narrow down the cause of issue.

 

Duo


peterzog | Posts: 109

Reply to: We're sometimes receiving a 'Failed to validate token.' error

0 votes

Cameron,

Let us know what you find out.  We have a similar implementation and I have been chasing this one for a long time and have not been able to establish a root cause.  Support did not have an answer for me at the time.  We see it on a very small percentage of transaction.  I thought at one point it has something to do with the reserved apex keyword "_X" appearing in the token but I could not prove it. 

Peter


Duo_Liang | Posts: 3776

Reply to: We're sometimes receiving a 'Failed to validate token.' error

0 votes

Hi Cameron,

 

Peter refers to a previous post he made here:
https://community.onespan.com/forum/x-getting-removed-package-id

 

So I might get the same question to you: how you are generating the signing URL? I doubt the ootb APEX sdk has this function, were you creating your own function like the shared code I created in this guide? Or did you modified based on an existing SDK function?

 

Duo


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off