Orin

A little help needed on sign with session token

0 votes
Hi, I noticed there is a method in the iOS mobile SDK that allows signing with a session token. I am wondering if it is possible to use our server API to get that session token from the eSignLive server and pass it down to mobile apps? I know this sounds weird because we should have one session token per session (between one mobile device and the eSignLive server). The reason we are considering this approach is that we worry it is not quite secure to use email and password to log in to eSignLive directly. Any advice? Thanks a lot.

Approved Answer

Reply to: A little help needed on sign with session token

0 votes
You are probably getting an invalid session token. With the API key, you can do the following call to get a session token:
POST https://sandbox.esignlive.com/api/sessions
You will get something like this as a response:
{
    "sessionToken": "79cadbffaf5f4240da42fc2a62b882feb01b6c917005c627"
}
Then you can use that to login with the iOS SDK. Let me know if this works.
Haris Haidary OneSpan Technical Consultant

Reply to: A little help needed on sign with session token

0 votes
Hi Orin, As per our mobile dev team, the mobile sdk doesn't provide the signer session token.
Haris Haidary OneSpan Technical Consultant

Reply to: A little help needed on sign with session token

0 votes
Hi Haris, thanks for the update. Would you mind helping answer what the method "loginWithSessionToken" does? Thanks a lot.

Reply to: A little help needed on sign with session token

0 votes
The "loginWithSessionToken" call logs you into the SDK with an eSignLive session token - this is useful for applications using external SSO login or any other way of authentication.
Haris Haidary OneSpan Technical Consultant

Reply to: A little help needed on sign with session token

0 votes
Hi Haris, I am wondering if it is possible to use our server API to start signing with eSignLive and get a session token, and then pass it down to mobile apps to use as login? Thanks.

Reply to: A little help needed on sign with session token

0 votes
You can get the session token with the API key and use it to log in. Our recommendation is not to use the API key from the application, for security reasons. If someone sniffs the traffic and gets the API key, they can do anything with the account. The API key should be used from the server. If you obtain the session token from the server and provide the token to the application, that would be much more secure.
Haris Haidary OneSpan Technical Consultant
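The split recommended in the answer above, as an added example that is not part of the original thread or of the eSignLive SDK: the server holds the API key, calls the `POST /api/sessions` endpoint quoted earlier, and hands the mobile app only the session token. The `Authorization: Basic <api key>` header format, the `ESL_API_KEY` variable and the function names are assumptions for illustration.

```python
import json
import os
import urllib.request

# Endpoint quoted in the thread; the header format below is an assumption.
SESSIONS_URL = "https://sandbox.esignlive.com/api/sessions"


def http_post(url, headers):
    """Default transport: POST with an empty body, return the raw response bytes."""
    req = urllib.request.Request(url, data=b"", headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


def fetch_session_token(api_key, post=http_post):
    """Server side only: exchange the long-lived API key for a session token."""
    raw = post(SESSIONS_URL, {
        "Authorization": "Basic " + api_key,  # assumed header format
        "Accept": "application/json",
    })
    data = json.loads(raw)
    token = data.get("sessionToken") if isinstance(data, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("response carried no sessionToken")
    return token


def mobile_login_payload(api_key, post=http_post):
    """Body returned to an already-authenticated mobile client (hypothetical route).

    Only the session token leaves the server; the API key never does.
    """
    body = json.dumps({"sessionToken": fetch_session_token(api_key, post)})
    if api_key in body:  # defensive: refuse to leak the long-lived credential
        raise RuntimeError("API key must not be sent to the client")
    return body


if __name__ == "__main__":
    # The key comes from server configuration, never from the app bundle.
    print(mobile_login_payload(os.environ["ESL_API_KEY"]))
```

The app then passes the returned token to `loginWithSessionToken`; the route that serves this payload should itself require the user's own authentication and TLS.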

Reply to: A little help needed on sign with session token

0 votes
Thanks, Haris. We plan to use the API key only from our server to the ESL server and pass down the session token to the mobile device. That's why we try to avoid loginwithemail in the first place, for security considerations.

Reply to: A little help needed on sign with session token

0 votes
Hi Haris, I am back again on this topic after almost a year. I tried to log in with a session token using the latest iOS SDK (3.5). It returns 401 like this:
error on the server: { code = 401; message = "Failed to retrieve Session"; messageKey = "error.unauthorised.noSession"; name = Unauthorized; }
With a valid session token, https://sandbox.esignlive.com/api/session/apiKey?ESIGNLIVE_SESSION_ID=xxxxxx works within the browser. In fact, this method returns 401 no matter what session token I feed in. I am using the iOS simulator. Would you mind helping? Thanks a lot.

Reply to: A little help needed on sign with session token

0 votes
Hi Orin, a 401 error means your session token is invalid. The reason why pasting "https://sandbox.esignlive.com/api/session/apiKey?ESIGNLIVE_SESSION_ID=xxxxxx" works is most probably because you are already authenticated. If you try to enter "https://sandbox.esignlive.com/api/session/apiKey?ESIGNLIVE_SESSION_ID=12345abc", you will still be returned an API key because you're authenticated. Let me ask you this: how are you generating this session token?
Haris Haidary OneSpan Technical Consultant

Reply to: A little help needed on sign with session token

0 votes
That sounds possible. Our web team got the session token with the API key and then sent it to me manually. We are testing this loginWithSessionToken function. Any idea what we might not be doing right? Thanks.

Reply to: A little help needed on sign with session token

0 votes
Thanks for the reply, Haris. Login with session token works now. Thanks a lot.
