I'm using the DocuSign C# Client Library.
To get the signing URL, I use the Envelopes::createRecipientView function (https://developers.docusign.com/esign-rest-api/reference/Envelopes/EnvelopeViews/createRecipient).
When the user has processed the envelope, he is redirected to the URL set up by RecipientViewRequest::ReturnUrl.
As I configured the destination URLs in the Brand/In-session settings, is it possible to redirect the user to those URLs using the Envelopes::createRecipientView function ?
You can , but your code would have to do that. you have to get the url that you configured and assigned it to the returnUrl when you create the recipientView url.
Related
I am trying to establish SSO using Azure AD, but facing a peculiar condition. When I first try to login via application url, it redirects me to AD login page. After successful authentication, a cookie is generated. But the redirection does not take place to the original uri that I opened.
It goes to domain controller page where it says 403- forbidden access.
But, after refreshing the page, site opens normally like how it should have in the 1st time itself.
Original URL: https://-webapp*.tl.co.in/TSEERMDEV/
During login:
https://login.microsoftonline.com/f35425af-4755-4e0c-xxxx-b3cb9f1c6afd/oauth2/v2.0/authorize?client_id=cccccccc-219d-4c3b-bbc9-a1d32caa79a3&post_uri=https%3A%2F%2F**-webapp*.t**l.co.in%2FTSEERMDEV%2F&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DP2o_ddgKlg9kRjVV49yxtFnHEZPT-i4ROq2k7zUVGDv0SzlhfhKy8WLkinKE_IFSgN2tWpJt4Jte-Y34NIod0mmmmmmmmsssssssstetstesteB7IOnFZUKVyv-kNbXQev25viPA-5TDi2sIkhBPSZKwSzvCP9cu_7VRNk5v53Ekjo032xjNA_-R-ulXWAW_SM3O6zqh6otO3O1tR1xpXQ8A&response_mode=form_post&nonce=637594416396999271.ZDA5M2Y4MGYtMmFiNC00OGJhLThhMDUtNDY5YTNlYTU1NTRhNzUwZjdiMDUtZGZmNy00YjMNC44GGMtNmQyYzliNzNkYjA4&x-client-SKU=ID_NET461&x-client-ver=5.3.0.0
redirect url: https://-webapp*.tl.co.in/TSEERMDEV/
Your original URL: https://-webapp*.tl.co.in/TSEERMDEV/ is invalid, and the invalid url cannot be added as the redirect url of the application.
So, you need to set the correct redirect url, and then you can try to use this url to send a login request:
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id={client_id}
&response_type=id_token
&redirect_uri={redirect_uri}
&response_mode=form_post
&scope=openid
&state=12345
&nonce=678910
Recently I have used Facebook Login option in my website. I have wrote all the APIs needed and tested them thoroughly in using "localhost" as domain. While configuring settings in my APP in Facebook developers account, I have setup all the necessary settings like giving Oauth redirect URL, adding domain name in basic settings and other things. Everything worked fine then. So, I have requested required app permissions like pages_manage_posts, pages_read_enagagment, pages_show_list and applied for them. Facebook approved them in the app review.
the Redirect URL ("https://execute.app/#/socialmedia/management/") that I used in Facebook is correctly put in the Facebook Oauth redirect URL path as shown in the pic below.
I have used server side APIs for Facebook login and graph APIs. I have used Oauth2 for Facebook login. You can see the code below
var OAuth2 = require('oauth').OAuth2;
var oauth2 = new OAuth2(CONSTANTS.FB_APP_Key,
CONSTANTS.FB_APP_Secret,
"", "https://www.facebook.com/dialog/oauth",
"https://graph.facebook.com/oauth/access_token",
null);
app.get('/api/document/facebook/auth', function (req, res) {
var redirect_uri = "https://execute.app/#/socialmedia/management/";
console.log("redirect_uri ", redirect_uri);
var params = { 'redirect_uri': redirect_uri, 'scope': 'email,public_profile,pages_manage_posts,pages_show_list,pages_read_engagement' };
var authUrl = oauth2.getAuthorizeUrl(params);
res.send({
"status": true,
"message": "login url generated successfully",
"url": authUrl
});
});
I will explain the problem in two scenarios below.
Scenario-1: When there is and existing active Facebook session in browser i.e, when some user is already logged into Facebook in facebook.com or developers.facebook.com and when we try to login into Facebook from our website, Oauth Authentication API gets called and returns Facebook login URL with status code 200 and the url gets opened in a new tab, its works fine, we don't need to enter Facebook login credentials again, we can just click on "**Continue as USER**" button and then we get the login code, with which we can get user access token. After getting token everything works as planned.
Scenario-2: But if no user is already logged into Facebook in browser and when I click on **login to Facebook** button, API call is made and it returns login URL, but the response status code sent by Oauth login API is 304. A new Facebook login tab is opened, but there is a warning displaying a message saying "URL blocked.
This redirect failed because the redirect URI is not white-listed in the app's client OAuth settings. Make sure that the client and web OAuth logins are on and add all your app domains as valid OAuth redirect URIs."
But you can see that I have added correct Redirect URL in Facebook already. It works in scenario-1 and does not work in another as I mentioned above.
Note: the Facebook login URL returned by Oauth Authentication API is same regardless the status code 200 or 304 . It goes as " https://www.facebook.com/dialog/oauth?redirect_uri=https%3A%2F%2Fexecute.app%2F%23%2Fsocialmedia%2Fmanagement%2F&scope=email%2Cpublic_profile%2Cpages_manage_posts%2Cpages_show_list%2Cpages_read_engagement&client_id=88XXXXXXX663"
Please help me in solving this issue ,thanks in advance
The OAuth RFC states for the redirect URI that:
The endpoint URI MUST NOT include a fragment component.
It might be a bug in Facebook that it works for some scenarios and does not work for others, but in fact it's best to avoid a URI with a fragment component. If Facebook's documentation states that you can use redirect URIs with fragments I would try to contact them ask why this doesn't work in some scenarios.
I have registered the app in Azure AAD with reply urls. Enable id_token and auth token. If i give the exact url as the parameter it works fine. but if I add the query string as a parameter in reply url it is not working and throws error
AADSTS50011: The reply url specified in the request does not match the
reply urls configured for the application: ''.
Below is my sample URL format generated by ADAL.js file.
https://login.microsoftonline.com/.onmicrosoft.com/oauth2/authorize
?response_type=id_token &client_id=
&redirect_uri=?p1=123&p2=456
&state=62439108-d296-4a0d-91cc-4f6580656e83
&client-request-id=1a5ad90a-26fc-4e60-bbcc-8d58bbbcc1f7
&x-client-SKU=Js &x-client-Ver=1.0.13
&nonce=a4a6215c-0706-4fbc-91a9-36e4cd3a262e
If i remove this ?p1=123&p2=456 query string from the redirect_url, it works fine. The other workaround i see is if i go to legacy app registration and add "" at the end of the url it is working. But the new app registration does not allow "" in the reply_url while registration.
Anyone else also faced the same issue and fixed without adding "*" in the reply_url registration? please let me know.
This is an issue with ADAL.js (and MSAL.js) setting the redirect URI to the current URL by default.
You can get around it with an approach like this:
Set redirect URI as window.location.origin + "/aad-callback" (or anything else)
When requiring login, store current URL in sessionStorage (or local storage or a cookie)
Trigger login redirect
When your app gets a callback to /aad-callback, handle the tokens from the URL fragment
Load the local redirect URL from sessionStorage
Redirect user there
I wrote an article related to this but for MSAL.js: https://joonasw.net/view/avoiding-wildcard-reply-urls-with-msal-js.
The concepts are the same for ADAL.js.
I'm trying to make an authorization request and I'm receiving the error:
Redirect URI is not registered properly with DocuSign
This is the URL I'm using:
https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation&client_id=XXXXXXXX&redirect_uri=http://1.11.111.111/auth/callback?secret=XXXXXXXXX
This is the redirect URI I registered, matching the URL above:
This is the error:
The client_id matches the integrator key.
Any pointers?
Do not include any of the query parameters when you are configuring the Redirect URI(s) through your DocuSign account. So instead of this
http://1.11.111.111/auth/callback?secret=XXXXXXXXX
It should be
http://1.11.111.111/auth/callback
Note that redirect URIs are case-sensitive so make sure you also are matching it exactly.
in my MVC framework in codeignitor I have to working on docusign the electronic sign using api after sign document how to get response of that is if sign completed or process or cancel etc..
$response = $service->views->getRecipientView(
$returnUrl, $envelopeId, $contact_name,
$contact_email, $client_id, $authMethod
);
You can determine what action the recipient took during the embedded signing flow by parsing the re-direct URL. Once they are done signing in the iFrame or webview they will be re-directed to the URL you specified in your $returnUrl parameter.
For instance, if your return URL is https://www.docusign.com/developer-center and the user successfully signed the document the return URL would look like:
https://www.docusign.com/developer-center?event=signing_complete
Or if the recipient declined to sign then the return URL would look like:
https://www.docusign.com/developer-center?event=decline
All of this info (including code samples) is available through the QuickStart section of the DocuSign Developer Center and in the API Documentation.