Could not create a signer authentication token
Tuesday, September 14, 2021 at 07:55amHi,
I am trying to retrieve the signer authentication token to build the SignInUrl to be used in Iframe in our application, which we are working on.
I am trying to use the approach of creating SignerSession with Signer Authentication Tokens as per the below blogs
1) Authentication Tokens | OneSpan Community Platform
2) OneSpan Sign Developer: Session, Authentication Token, and Signing Url – Part2 | OneSpan
Package Version: OneSpanSign>Sdk (11.43.0)
Below is the code snippet, I am using
PackageId packageId = new PackageId("9ZK_9isXgNtETaEjnJLhIn0KjDs=");
string signerId = "92d9bc18-61c0-4518-ad54-ee339d94f848";
var signingUrl = _ossClient.PackageService.GetSigningUrl(packageId, signerId); // this works fine, I am getting the signinUrl.
string signerAuthToken = _ossClient.AuthenticationTokenService.CreateSignerAuthenticationToken(packageId, requestObj.SignerId); // doesn't work
return $"https://sandbox.esignlive.com/access?sessionToken={signerAuthToken}";
I am receiving this exception.
OneSpanSign.Sdk.OssException: Could not create a signer authentication token. Exception: Unexpected character encountered while parsing value: <. Path '', line 0, position 0.
---> Newtonsoft.Json.JsonReaderException: Unexpected character encountered while parsing value: <. Path '', line 0, position 0.
at Newtonsoft.Json.JsonTextReader.ParseValue()
at Newtonsoft.Json.JsonReader.ReadForType(JsonContract contract, Boolean hasConverter)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
at Newtonsoft.Json.JsonSerializer.Deserialize(JsonReader reader, Type objectType)
at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)
at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value, JsonSerializerSettings settings)
at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value)
at OneSpanSign.Sdk.OssServerException..ctor(String message, String errorDetails, WebException cause)
at OneSpanSign.Sdk.Internal.HttpMethods.PostHttp(String apiKey, String path, Byte[] content, IDictionary`2 headers)
at OneSpanSign.Sdk.RestClient.Post(String path, String jsonPayload)
at OneSpanSign.Sdk.AuthenticationTokenService.CreateSignerAuthenticationToken(PackageId packageId, String signerId, IDictionary`2 fields)
--- End of inner exception stack trace ---
at OneSpanSign.Sdk.AuthenticationTokenService.CreateSignerAuthenticationToken(PackageId packageId, String signerId, IDictionary`2 fields)
at OneSpanSign.Sdk.AuthenticationTokenService.CreateSignerAuthenticationToken(PackageId packageId, String signerId)
at OneSpanDigital.Controllers.Services.DocumentService.GetSignerUrl(SignerUrlRequest requestObj) in D:\_workarea\OneSpan\OneSpanDigital\OneSpanDigital\Controllers\Services\DocumentService.cs:line 76
at OneSpanDigital.Controllers.TransactionsController.GetSignerUrl(SignerUrlRequest requestObj) in D:\_workarea\OneSpan\OneSpanDigital\OneSpanDigital\Controllers\TransactionsController.cs:line 109
I is there something I am missing here. Any assistance would be really helpful.
Also, which is the secure approach, is using session token based URL or signing URL generated from "PackageService".
Reply to: Could not create a signer authentication token
Tuesday, September 14, 2021 at 09:06amHi Zakir,
Thanks for your post! After a quick check in backoffice, the package ID matches with the role ID (the signerId field), and the code looks good to me. Just a quick question, is this parameter "requestObj.SignerId" refers to the same string "92d9bc18-61c0-4518-ad54-ee339d94f848", and the _ossClient refers to the same instance?
Generally speaking, this error message "Unexpected character encountered while parsing value: <. Path '', line 0, position 0." caused because the API returns an HTML format response(starting with <html>), instead of the expected JSON format. Hence it also could be a more general connection or proxy issue.
From troubleshooting's perspective, I would suggest to invoke both of these two functions side by side and observe if one failed while one succeeded:
string signingUrl = _ossClient.PackageService.GetSigningUrl(packageId, requestObj.SignerId);
string signerAuthToken = _ossClient.AuthenticationTokenService.CreateSignerAuthenticationToken(packageId, requestObj.SignerId);
Duo
Reply to: Hi Zakir, Thanks for…
Wednesday, September 15, 2021 at 02:58amHi Duo,
Thanks for your quick response, it was a typo (requestObj.SignerId, it is something which I was receiving from client side, but both were having same signerId) from my side which I missed to update while posting it yesterday.
Just to have a better clarity, I bypassed client request and hard-coded the values for testing.
OssClient: It is same instance.
I was actually trying this one as below
PackageId packageId = new PackageId("9ZK_9ixxxKjDs=");
string signerId = "92d9bc18-61xxx4f848";
var signingUrl = _ossClient.PackageService.GetSigningUrl(packageId, signerId);
string signerAuthToken = _ossClient.AuthenticationTokenService.CreateSignerAuthenticationToken(packageId, signerId);
return $"https://sandbox.esignlive.com/access?sessionToken={signerAuthToken}";
I receive response only for signingUrl as below
var signingUrl = _ossClient.PackageService.GetSigningUrl(packageId, signerId);
https://sandbox.esignlive.com/authentication?target=https%3A%2F%2Fsandbox.esignlive.com%2Ftransaction%2F9ZK_9isXgNxxxFK283QWYwYw%3D%3D
But, I am getting the same exception, which I reported yesterday for this code
string signerAuthToken = _ossClient.AuthenticationTokenService.CreateSignerAuthenticationToken(packageId, signerId);
My internet set up is not behind any proxy or VPN. If it was any kind of proxy issue, then I think it should fail for both calls, it is working with first, but throwing exception when retrieving signerAuthToken.
Regards,
Zakir
Reply to: Hi Duo, Thanks for your…
Wednesday, September 15, 2021 at 08:53amHi Zakir,
Thanks for the information! I have this guess - are you specifying "/api" at the end of the API_URL, like below?
string API_URL = "https://sandbox.esignlive.com/api";
OssClient _ossClient = new OssClient(API_KEY, API_URL);
Duo
Reply to: Hi Zakir, Thanks for the…
Wednesday, September 15, 2021 at 08:59amMy settings look like below and not appending '/api"
"OneSpan": {
"ApiKey": "",
"AppUrl": "https://sandbox.esignlive.com"
},
Reply to: My settings look like below…
Wednesday, September 15, 2021 at 09:01amI see, then it could be the cause of the issue. Let me know if this works for you after adding the "/api" at the end.
Duo
Reply to: I see, then it could be the…
Wednesday, September 15, 2021 at 10:31amHi Duo,
Thank you very much, it works after adding "/api". I don't know how I missed it. I am getting both the signingURL as well as signer authentication token. This works only when I hardcode the signerID value as per the code snippet in the above thread. I picked the SignerID while browsing "https://sandbox.esignlive.com/". I have attached the screenshot for your reference.
I still have couple of questions
1) Why RoleID is returned and not the SignerID, with this code below. Is there a better way for retrieve the signerID ?
var packages = _ossClient.PackageService.GetPackages(DocumentPackageStatus.SENT, packages.NextRequest);
var filteredPackages = packages.Results.Where(p => p.Signers.Any(s => s.Email.Equals(email))).ToList();
foreach (DocumentPackage p in filteredPackages)
{
var signer = p.Signers.SingleOrDefault(s => s.Email.Equals(email));
// here signer.Id returns RoleID and not the signerID ?
}
I am doing the above to filter and show documents specific to a signer.
2) Which is the better approach for signingURL
a) https://sandbox.esignlive.com/access?sessionToken={signerAuthToken}", or
b) https://sandbox.esignlive.com/authentication?target=https%3A%2F%2Fsandbox.esignlive.com%2Ftransaction%2F9ZK_9isXgNxxxFK283QWYwYw%3D%3D
Regards,
Zakir
Reply to: Hi Duo, Thank you very much…
Wednesday, September 15, 2021 at 11:26amHi Zakir,
Yeah, it's a known limitation that the SDK was designed to only expose role ID, while still some functions requires to input Signer ID...
This can be worked around if you are creating the transaction via code, and to specify .CustomId() while adding the signer.
If you can't specify the role ID and signer ID during the package creation, then you could only use signer authentication token because the function also accepts to directly use the signer's email as an input parameter:
string signerAuthToken = _ossClient.AuthenticationTokenService.CreateSignerAuthenticationToken(packageId, "[email protected]");
NOTE: it's only applicable when there's no multiple signers sharing the same email
In terms of the differences between signing URL and a URL build out of signer authentication token:
1. A “loginToken” is less secure and therefore requires more stringent authentication than an “authenticationToken”. If you have configured an Authentication Method (SMS/Q&A/KBA) for your signer and you want this process to validate your signer before his/her getting access to signing ceremony, you would choose to use Signing URL.
On the other hand, if you get access to the URL through the Authentication Token, there won’t be an authentication process, because the “authentication token” itself means you have already authenticated your signer by other ways.
2. The signing URL will not expire. It’s the same link as the one you obtained from the email notification OneSpan Sign sent to signers, while signer authentication token expires in 30 minutes.
Duo
Reply to: Hi Zakir, Yeah, it's a…
Saturday, September 18, 2021 at 02:05am