Last modified: 2024-04-25

Sequence Diagram

This section discusses the following sequence diagram, which illustrates the process used during an External Signer Verification.

Explanation of the Diagram

This section explains the following aspects of the sequence diagram:

Signer Verification Request

When a signer tries to confirm their approval of a document, they will be redirected to the specified External Verification Provider via a URL of the following form:

https://<VERIFICATION_SERVER_ENDPOINT>?verificationRequestToken=<VERIFICATION_REQUEST_TOKEN>

Here:

  • <VERIFICATION_SERVER_ENDPOINT> is the configured URL endpoint for a specific External Verification Server.
  • <VERIFICATION_REQUEST_TOKEN> is a Signer Verification Request Token generated by the OneSpan Sign Application Backend. That token contains the following information:
    • Document Identification Information — This contains data that identify the document and the signer. The External Verification Server needn’t do anything with this payload, except return it later as part of its verification response.
    • User Identity Information — This is used to identify the signer whom the External Verification Server must verify. That information was specified by the External Verification Provider (e.g., a bank) when it added the signer to the transaction. This data can have any format; it’s up to the External Verification Server to extract the required information. The OneSpan Sign Application Backend does not interact with this information.
    • Callback URL — This URL is used by the External Verification Server to redirect the signer back to the Signer Experience after they have been successfully verified.
    • Transaction Information — This information is the transaction’s name and the document’s name. These items are provided in case the External Verification Server Web Portal needs to display them.
    • Signer Information — This information is the signer’s first name, last name, and email address. These items are provided in case the External Verification Server Web Portal needs to display them.

The value of the verificationRequestToken query parameter will be extracted by the External Verification Server with the help of the SDK, which converts it into an object that contains all the fields listed above. The External Verification Server can then parse the User Identity Information to determine which user to verify.

At this point, the signer should be presented with an HTML form that prompts them to enter their credentials. Note that the Signer Verification Request Token is short-lived and will expire in 30 seconds; therefore, the External Verification Server must consume it as soon as possible, and save the user data in a session.

Signer Verification Response

After the signer is successfully verified, the External Verification Server must communicate the result to the OneSpan Sign Application Backend. It does so by redirecting the user back to the Signer Experience via a redirect URL of the following form:

https://<CALLBACK_URL>?verificationResponseToken=<VERIFICATION_RESPONSE_TOKEN>

Here:

  • <CALLBACK_URL> is the URL provided in the Signer Verification Request Token described above.
  • <VERIFICATION_RESPONSE_TOKEN> is a Signer Verification Response Token generated by the External Verification Server. It contains the following information:
    • Verified — This Boolean parameter is set to true if the signer was successfully verified. Otherwise, it's set to false.
    • Document Identification Information — This is the data present in the Signer Verification Request Token. It must be sent back as part of the Signer Verification Response, so the OneSpan Sign Application Backend will confirm the right document for the right signer.
    • Confirmation Payload — This is a confirmation number provided by the External Verification Server upon successful user verification. It is optional. This string will be capped at 150 characters.

The value of the verificationResponseToken query parameter will be extracted by the OneSpan Sign Application Backend with the help of the SDK, which converts it into an object that contains all the fields listed above. The OneSpan Sign Application Backend can now check if the signer was successfully verified, and parse the Document Identification Information to ensure that the right document is confirmed by the right signer.

If the optional Confirmation Payload is provided by the External Verification Server, it can be put in OneSpan Sign’s Evidence Summary.
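
The following is an added sketch, not OneSpan's SDK code, of the External Verification Server's side of the exchange described above: storing the decoded request in a session, echoing the Document Identification Information back, enforcing the 150-character cap, and building the redirect. The decoded request is modelled as a plain dict with hypothetical key names, token decoding and encoding are left to the SDK (the response token is passed in as an opaque string), and the handling of a callback URL that already carries a query string goes beyond the URL form shown on this page.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

MAX_CONFIRMATION_LEN = 150  # cap stated in the documentation

def begin_verification(session, request):
    """Save the decoded request in the signer's server-side session.

    `request` stands in for the object the SDK returns; its key names are
    hypothetical. Call this as soon as the redirect arrives, because the
    request token expires after 30 seconds.
    """
    session["pending"] = {
        "document_identification": request["document_identification"],
        "user_identity": request["user_identity"],
        "callback_url": request["callback_url"],
    }

def response_fields(session, verified, confirmation=None):
    """Return (callback_url, fields for the response token)."""
    if confirmation is not None and len(confirmation) > MAX_CONFIRMATION_LEN:
        raise ValueError("confirmation payload exceeds 150 characters")
    # Design choice of this example: one response per pending verification.
    pending = session.pop("pending", None)
    if pending is None:
        raise LookupError("no verification in progress for this session")
    fields = {
        "verified": bool(verified),
        # Echoed back unchanged so the backend can match document and signer.
        "document_identification": pending["document_identification"],
    }
    if verified and confirmation is not None:
        fields["confirmation_payload"] = confirmation
    return pending["callback_url"], fields

def redirect_url(callback_url, response_token):
    """Append verificationResponseToken, keeping any existing query string."""
    parts = urlsplit(callback_url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append(("verificationResponseToken", response_token))
    return urlunsplit(parts._replace(query=urlencode(query)))

# Constructed sample data (not real OneSpan values).
SAMPLE_REQUEST = {
    "document_identification": "opaque-doc-and-signer-blob",
    "user_identity": "customer-id=12345",
    "callback_url": "https://signer.example/callback?lang=en",
}
```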
