Reputation: 493
I have a problem with the DocuSign embedded Edit View.
My application connects to DocuSign via JWT. Using the API, I'm allowing users to edit existing envelopes (when in draft) through my own application. The redirection to DocuSign works fine and the users are able to edit an envelope, adding/removing recipients, setting the signature blocks, etc. All good there. My problem is with the callback.
Using the ReturnUrlRequest, my callbacks are successful and after editing an envelope, users are redirected back to my application. The problem is that before this happens, for a few seconds they are looking at the DocuSign inbox for the account. This is a security issue and could allow users to see privileged information, as if they send an envelope after editing it, they'll be looking at the sent folder and can see all other recent envelopes. I presume they could also stay in the inbox and do whatever they wanted if they click on an entry quick enough, but I haven't confirmed this yet.
I need the callback to go directly from the envelope edit to my application, and prevent anything else from DocuSign from appearing. Is there a way I can lock this down?
And yes, I know that this is something I shouldn't be doing in any event, and that my basic problem is that I'm using the edit view in the first place. I don't have much of a choice. I originally implemented things using the API and my own application provided all of the configuration options on their own. The client, however, didn't like this and essentially demanded that their users be allowed to use the DocuSign system's own editing suite, as that is what they are familiar with. I'm trying to square the circle as best as I possibly can.
Upvotes: 0
Views: 136
Reputation: 49114
In addition to Drew's answer: please ask your DocuSign account rep or customer service contact to add your customer information to internal ticket EC-1009. That will help raise prioritization of providing a secure edit screen for applications to use.
Upvotes: 0
Reputation: 5029
As per the Information Security Notice on the linked page, the Create Edit View provides fully authenticated access to the sending user's account. Even if you were able to prevent the brief view of the inbox, a savvy user could 'break out' of the edit view by navigating directly to app.docusign.com (or appdemo.docusign.com in the sandbox) because their DocuSign session is still valid.
The only way to 'secure' this is to provision each sending user their own membership on the DocuSign account so that users cannot see each other's envelopes (unless explicitly allowed to do so via Document Sharing).
Upvotes: 2
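A sketch of the per-user membership approach from the answer above, as an added example that is not code from the thread or from DocuSign: it builds the JWT grant claims for an application user and refuses when that user has no DocuSign membership of their own or shares one. It assumes the application picks the impersonated DocuSign user through the JWT `sub` claim; `USER_MAP`, `shared_memberships`, `jwt_claims_for` and the GUIDs are hypothetical, constructed names and values.

```python
import time

# Constructed sample data: application user -> DocuSign user ID (GUID)
# that the application impersonates through the JWT `sub` claim.
USER_MAP = {
    "alice": "11111111-1111-4111-8111-111111111111",
    "bob":   "22222222-2222-4222-8222-222222222222",
    "carol": "22222222-2222-4222-8222-222222222222",  # shares bob's membership
}

def shared_memberships(user_map):
    """Return {docusign_user_id: sorted app users} for IDs used by more than one app user."""
    by_id = {}
    for app_user, ds_id in user_map.items():
        by_id.setdefault(ds_id.lower(), []).append(app_user)
    return {ds_id: sorted(users) for ds_id, users in by_id.items() if len(users) > 1}

def jwt_claims_for(app_user, user_map, integration_key,
                   aud="account-d.docusign.com", now=None, ttl=600):
    """Build JWT grant claims that impersonate app_user's own DocuSign membership.

    Raises PermissionError when the user has no membership or shares one,
    because the edit view would then open a session onto other users' envelopes.
    """
    ds_id = user_map.get(app_user)
    if ds_id is None:
        raise PermissionError(f"{app_user}: no DocuSign membership provisioned")
    sharers = shared_memberships(user_map).get(ds_id.lower())
    if sharers:
        raise PermissionError(f"{app_user}: membership shared by {sharers}")
    now = int(time.time()) if now is None else now
    return {
        "iss": integration_key,  # integration key (client ID), supplied by the caller
        "sub": ds_id,            # the user the token, and so the edit view, acts as
        "aud": aud,              # demo auth host; account.docusign.com in production
        "iat": now,
        "exp": now + ttl,
        "scope": "signature impersonation",
    }
```

Running `shared_memberships` over the full user map on a schedule also catches memberships that become shared after the initial provisioning.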