Openning signing ceremony for in-person signers

0 votes
Hi, We found that there are two ways to get signing ceremony URL for signers, and they both seem to work, but not sure which one is the right way of doing it or if one approach is preferred over the other and why. Here is a sample code:
  EslClient eslClient = new EslClient(API_KEY, API_URL);
  AuthenticationClient authenticationClient = new AuthenticationClient(API_BASE_URL); 

  String signerSessionToken = eslClient.getAuthenticationTokensService().createSignerAuthenticationToken(packageId, signerId1); 
  System.out.println("SessionToken: " + signerSessionToken);

  String signer1SigningUrl = authenticationClient.buildRedirectToSigningForSigner(signerSessionToken, packageId);
  System.out.println("URL2: "+signer1SigningUrl);
And the output is:
SessionToken: M2IzYWNkYTQtYWM2MS00MTU1LWEyYmItNjkyOWE2MjEwMzM3
Thanks for your advice.

Reply to: Openning signing ceremony for in-person signers

0 votes
I think there are really 3 ways to get a signer session. 4 if you include using your signerAuthenticationToken as a sessionToken, like you did above. The 3 ways are: Create a session token:
SessionToken sessionToken = eslClient.getSessionService().createSessionToken( packageId.getId(), "Signer" );
Using this session token in a URL like:{sessionToken} will simply get you the signing session and will bypass any authentication you have set up. Create a Signing URL:
String signingUrlForSigner = eslClient.getPackageService().getSigningUrl(packageId, "Signer");
This URL will take you to the package, but will require you to still authenticate (sms, Q&A, etc). Lastly, you have your signerAuthenticationToken, that you show above:
String signer1SigningUrl = authenticationClient.buildRedirectToSigningForSigner(signerAuthToken, packageId.getId());
When creating your signerAuthToken, you can add session fields to the token to be used as part of the signing ceremony. See the Signer Session Fields section in the documentation. As you also showed, this token can be used like a sessionToken from option one above. Like the sessionToken option, this one will bypass your authentication (SMS, Q&A, etc.). I believe the signerAuthenticationToken expires 30 minutes after it's created. This timeframe is configurable through our support staff. Hopefully this helps clear a little bit up. Let me know.

- Michael

Director, Partner and Developer Technologies, OneSpan

Facebook - Twitter - LinkedIn

Reply to: Openning signing ceremony for in-person signers

0 votes
Thanks Michael for the reply. In our case, we would like to open signing ceremony and pass the control to the signer. The second one (getSigningUrl) seems to work only for one particular signer as it doesn't allow to switch to different signer. The other two approaches allow you to switch signers on the fly. So I guess the using authenticationClient.buildRedirectToSigningForSigner is a better way to do this. The other part that was not clear first was to create an auth token for a particular signer, while I have multiple in-person signers, I wasn't sure which signer to pick and why, so I randomly picked one of the signers. So I guess documentation can be improved in that area. Thanks again for your help.

Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off