Support one time tokens for file download #12

Closed
damienbod opened this issue Mar 22, 2016 · 2 comments
@damienbod
Owner

Add support for one time tokens so that the access_token is not used in the URL for file downloads

@damienbod
Owner Author

comment from Alistair:

We approached this in a different way:
– The user clicked on a link to a document. A request is sent to the API checking the user has permission to view the file.
– If the user has permissions, a one time token is created, stored in the database and returned to the client.
– The client then makes another request with the token and filename in the query string to a different end point.
– The API checks to make sure the token exists, has not expired and is for that file. The file is then downloaded. The token is then deleted.

All this was done in an Angular directive so all the user did was click on the link. This is a slightly longer process but gets round the problem of the token appearing in the URL and being logged. If someone tries to use the same token it doesn’t matter as it no longer exists.
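
The server side of the flow described in the comment above, as an added Python example (not code from this project or from the commenter). The in-memory dict stands in for the database, and the class name, method names, TTL and file names are assumptions; as a further assumption it stores only a hash of the token and deletes the row on first presentation rather than after the download.

```python
import hashlib
import secrets
import time


class OneTimeTokenStore:
    """In-memory stand-in for the database table of one-time download tokens."""

    def __init__(self, ttl_seconds=30, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._rows = {}  # sha256(token) -> (filename, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, filename, user_may_view):
        """First request: takes the permission check result, returns a token or None."""
        if not user_may_view:
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Only the digest is stored, so a leaked table cannot be replayed.
        self._rows[self._digest(token)] = (filename, self._clock() + self._ttl)
        return token

    def redeem(self, token, filename):
        """Second request: True exactly once, for the bound file, before expiry."""
        # pop() removes the row before any check, so a replay or a second
        # concurrent request finds nothing, even when this attempt fails.
        row = self._rows.pop(self._digest(token), None)
        if row is None:
            return False
        bound_file, expires_at = row
        return self._clock() <= expires_at and bound_file == filename


def demo():
    now = [0.0]  # constructed clock so expiry is shown without sleeping
    store = OneTimeTokenStore(ttl_seconds=30, clock=lambda: now[0])
    results = {"denied": store.issue("report.pdf", user_may_view=False)}
    token = store.issue("report.pdf", True)  # constructed file names
    results["first"] = store.redeem(token, "report.pdf")
    results["replay"] = store.redeem(token, "report.pdf")
    results["wrong_file"] = store.redeem(store.issue("report.pdf", True), "other.pdf")
    late = store.issue("report.pdf", True)
    now[0] += 31  # move past the 30 second lifetime
    results["expired"] = store.redeem(late, "report.pdf")
    return results
```

In a real database the `pop()` corresponds to a single delete-and-return statement, so that two simultaneous requests cannot both succeed with the same token.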

@damienbod
Owner Author

Implemented using one time access ids
