I'm using Yousign on my onboarding process to make my users sign a contract before accessing my application.
To achieve that:
On the YouSign UI, I manually create a new procedure from a template and copy the signature link (I get a URL like https://staging-app.yousign.com/procedure/sign?members=/members/a8xxxxxx)
I copy that link on my user account
When the user logs in, I open a modal and display the signature procedure in an iframe
When the users has signed on the iframe, I redirect him to a webpage where I trigger an event that closes the modal
At that stage, when the modal closes I'd like to check through a backend API call to YouSign API if the procedure has been fully signed.
But I can't find anything to do that in the API.
It seems I could use the GET /procedures/xxx method, but the Signature link does not contain any procedureID, only members IDs.
And there is no GET /members/xxx method, so I can't retrieve any procedure from there.
The use case of checking if a document has been signed seems pretty common for a e-signature API so I'm probably missing an obvious solution.
Related
I am trying to set the AppClip invocation for my App which is already released on app store.
I need an url such that it provides me a jobId e.g.: https://example.com/task?jobId=00001.
My use case is that I send the sms with the url https://example.com/task?jobId=00001 to the user, the user clicks on the url and the app gets started. Then for the other user I send the next url with corresponding jobId.
I did setup the AASA file for my domain (contains the JSON with "applinks" and "appclip" objects) which is valid, also the Domain status is valid on App Store Connect. There is a default experience set with title, subtitle, image and action. I also configured an advance experience for the url https://example.com/task.
However, my app clip doesn't get invoked if I access the url from either sms text or safari. :(
I do not have a web page for https://example.com/task therefore I haven't set up the meta data for this.
Is it possible to invoke the AppClip this way? It is really important for me that the URL is dynamic and I pass that jobId every time for each individual booking.
There s no much documentation and I already read at least twice Apple documentation about AppClip.
Because of this:
I do not have a web page for https://example.com/task therefore I haven't set up the meta data for this.
The answer to this:
Is it possible to invoke the AppClip this way?
Is no. Sorry, you need to own the domain you're working with, or at the very least have means to access its CNAME config (thus, be able to induce the owner of that domain to change the CNAME configs to what you want it to be, similar to what branch.io and AppsFlyer does with its users/clients).
I'm developing a basic recruitment-type website.
I have an "Apply" CustomForm attached with a contenttype("Job"), but I can't get access fields outside of the CustomForm widget. I'm trying to add the reference number or the url to the email within the workflow. Orchard shows {Content.Fields.Input-Reference} token, but it returns no value when used.
Should I overwrite the handler when the form is created or how can I access fields of other zones?
As far as I understand the question, you don't actually need to add a custom token to your module. Custom Forms module takes care of that for you and adds the tokens for fields itself. You just need to use them in the email module.
Just look for a tokens named like this:
Content.Fields.[FormContentTypeName].[FieldName]
Not that the tasks of adding custom tokens to the system and accessing them inside the workflow are particularly hard, mind you.
I'm working on a web application under Laravel and I'm trying to be as RESTful as I can, but admittedly this is the first time writing this kind of application.
I'm specifically trying to create RESTful URI's for the controllers of my project.
So far I have (in pseudo code)...
URI Goes to... Desc
--- ---------- ----
/ GET
if logged in dashboard GET
else frontpage GET
login GET login GET login form
login POST login POST attempt login
login DELETE login DELETE logout
user GET
if logged in user GET show user control panel
else login GET redirect to the login w/ error
So far so good, but how should I go about creating a new user?
I had a couple of ideas, for example:
URI Goes to... Desc
--- ---------- ----
user/create GET register GET show the create user form
user/create POST register POST attempt to create a new user
So we use a register controller here, but we hide it behind the user URI.
Advantage here is that we stick to HTTP actions (just GET and POST), and we create a nice readable URI.
Disadvantage is that our URI does not accurately represent our controller.
URI Goes to... Desc
--- ---------- ----
register GET register GET show the create user form
register POST register POST attempt to create a new user
In this case we have A. used HTTP controls, B. created a URI that is a representation of our controller, and C. created a nice readable URI, but unfortunately our URI isn't really representational of the data. In no way is this register controller representative of our user.
Which is more appropriate? Why? Is there a better way? Thanks!
In those cases I would create a Route::resource for users, like so:
Route::resource('user', 'UsersController');
and to optimize user readability add:
Route::get('/signup', 'UsersController#create');
For logins I would create a Route::resource for sessions, like so:
Route::resource('sessions', 'SessionsController');
and to again, optimize user readability add:
Route::get('/login', 'SessionsController#create');
Using resources makes some methods ready for you, but you are not using all of them.
So you might want to reduce that to the ones you use, only. Like so:
Route::resource('sessions', 'SessionsController', ['only' => ['create', 'store', 'destroy']);
Hope this helps you further.
In your case I will go for the user readability. I always prefer to have something like example.com/signup, example.com/register to show the form that handles the creation of the user. As a user, the URL tells me that I'm in the right place, even if the controller that handles this is totally different. The middle URL (where you will post your data) is not important because it will not displayed to your users: you will redirect them to the create form or the success page.
If you were building an API (the intended users are developers) I will go for a POST users, because developers should be familiar with REST principles.
We're writing an app with an Android view and a website. Our app needs to associate some data with Facebook, Google, or Twitter (call them 'FGT'), and then hit the associated service to return true if that data is authenticated. The control flow is...
Android generates some data
User selects an FG or T account
getAuthToken
upload the data+token, via HTTPS POST, to our website
Our website (in Django, not that it matters) sends the Auth Token to FGT
FGT returns true if it likes that token, and false if it doesn't
The goal is preventing an attacker from concocting data and throwing it at our site with curl. And we /don't/ need to upload the data all the way to F, G, or T. We don't need to go all the way to a Hybrid App, where our webservice authenticates itself to F, G, or T, and then uses F, G, or T's API to post, e-mail, or tweet in the user's name.
There's obviously a simple answer for this out there somewhere; hopefully just three URIs, one each for F, G, or T, into which I can insert the Auth Token. That's why I would prefer NOT to download and install the SDK for each of Facebook, Google, and Twitter, and then write tons of service-specific code for each case. That would clutter up the code, and leave me screwed when the client requests Tumblr or MSN.
(A related question: What's the second parameter of getAuthToken()? "ah"? "mail"?)
So, while I continue to read books, source code, and SO posts showing how to do hard things the hard way, can someone tip me off how to do an easy thing the easy way?
The thread "validating Android's authToken on third party server" answered the sub-question "what simple URI to hit to test a token?"
The magic uri, for Google, is: https://accounts.google.com/o/oauth2/tokeninfo?access_token=%token_here%
The next question is How to thump an Access Token out of getAuthToken. The scope there should be the minimum possible to show a user really lives here:
String SCOPE = "oauth2:https://www.googleapis.com/auth/userinfo.profile";
am.getAuthToken(a, SCOPE, false, this, null);
My this class implements AccountManagerCallback<Bundle> and provides the method run(AccountManagerFuture<Bundle> result). That, per documentation such as "Android AccountManagerFuture getResult gives IOEXcelption when trying to get authorization token", might call startActivity() to challenge the user to authorize this activity, or it might use a token that's already stored in the AccountManager. (And note that implementing a class just to call-back yourself is pernicious, especially if the target method's named merely run(), so do as I say not as I do, kids!)
The resulting token is 52 bytes long, beginning with 'ya29.', so it's _ probably _ an access_token, not 331 characters, which is probably an id_token.
The resulting token is not bound to any specific channel (where "channel" is one unique set of client, server, and scope). So, from a simple curl, I can hit that /tokeninfo URI with it, and get this (scrubbed) JSONic wisdom:
{
"issued_to" : "442575845966-mde4be7eingpb5pntfs839jipsetro6s.apps.googleusercontent.com",
"audience" : "424242424242-mde4ab7defghi5jklmn839opqrstuv6s.apps.googleusercontent.com",
"user_id" : "424242424242424242424",
"scope" : "https://www.googleapis.com/auth/userinfo.profile",
"expires_in" : 2272
}
And so this answer would have formed, for me, the missing link between all the other documentation I was trying to read. Aaand now I need to do it all again for Facebook & Twitter...
There is a simple URL.
Each authtoken is granted against a scope. Each scope allows the authtoken to do certain things. If you try to do something that the scopes permit, that thing will fail or succeed based on the validity of the authtoken.
The simplest scope to request is probably 'email'.
If you go to the Oauth2 Playground at https://developers.google.com/oauthplayground/ you can experiment with scopes and calls to get one that suits you. You'll be able to see the URLs that you then need to replicate in your app.
There are plenty of related posts to what I'm asking, but after some lengthy searches couldn't quite find what I was looking for, my apologies if it exists somewhere.
My goal -- ALL requests to my Zend App must go through a preDispatch plugin, then pass to a custom Auth controller that will decide whether existing auth credentials are sufficient for the requested operation. 'Sufficient' depends on the logic of the app, hence why I want to do this at the controller+model level. If they suffice, they send the original request along to the specified controller+action, if not they default to a 'get lost' action.
At present I'm using an auth custom plugin set in the preDispatch to simply check for POST'ed auth credentials (if we are logging in), then in all cases the plugin stores the original request and redirects everyone (auth'd or not) to my auth controller, a-la:
$request->setModuleName('default')
->setControllerName('auth')
->setActionName('check')
->setParam('oreq',$request->getParams());
My problem/question is that within my auth->check action, how should I perform the redirect after a decision is made? If I use:
$this->_helper->redirector($or['action'], $oreq['controller']);
then I obviously get an infinite loop as these requests pass through the preDispatch plugin again. Sure I could pass something with the redirect so that the Auth plugin ignores such requests, but this is clearly a security hole. I had thought about maybe generating and storing an md5 hash, storing it to session and passing that as an escape param, but that seems a little sketchy.
Any better ideas out there? Perhaps a redirect method that does not go through the standard predispatch routine in Zend App? Thanks in advance!
This is not how it is done usually in Zend Framework. Not all requests go to a common place and gets redirected to the original requested place authentication.
For access control, use Zend_Acl. Through that, you could easily determine whether the current user has the necessary auth to access the content, else redirect to 'get lost' action.
If you are still adamant on using your technique, use _forward method instead of redirect method.
Since _forward is an internal redirect, you could pass additional arguments and check that in preDispath to avoid a loop.
$this->_forward($action, $controller, $module, $params)