We approached this in a different way:
– The user clicked on a link to a document. A request is sent to the API checking the user has permission to view the file.
– If the user has permissions, a one-time token is created, stored in the database and returned to the client.
– The client then makes another request with the token and filename in the query string to a different end point.
– The API checks to make sure the token exists, has not expired and is for that file. The file is then downloaded. The token is then deleted.
All this was done in an Angular directive so all the user did was click on the link. This is a slightly longer process but gets round the problem of the token appearing in the URL and being logged. If someone tries to use the same token it doesn’t matter as it no longer exists.
Add support for one time tokens so that the access_token is not used in the URL for file downloads
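The issue-and-redeem flow described above, as an added example (not code from this project or from the commenter). The `Map` stands in for the database table, and `canView`, the sample ACL, the function names and the 30-second lifetime are all assumptions.

```javascript
const crypto = require('node:crypto');

const TOKEN_TTL_MS = 30 * 1000;  // assumed lifetime; the page gives no value
const tokens = new Map();        // stand-in for the database: token -> record

// Hypothetical permission check over constructed sample data.
const acl = { alice: new Set(['report.pdf']) };
function canView(userId, filename) {
  return acl[userId] !== undefined && acl[userId].has(filename);
}

// First request (authenticated): returns a one-time token only if the
// user is allowed to view the file, otherwise null.
function issueDownloadToken(userId, filename, now = Date.now()) {
  if (!canView(userId, filename)) return null;
  const token = crypto.randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
  tokens.set(token, { filename, userId, expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Second request (different endpoint): token and filename arrive in the
// query string, so the long-lived access_token never appears in the URL.
function redeemDownloadToken(token, filename, now = Date.now()) {
  const record = tokens.get(token);
  if (!record) return { ok: false, reason: 'unknown-token' };
  // Consume the token on first presentation, before the other checks,
  // so a logged or replayed URL cannot be retried against another file.
  tokens.delete(token);
  if (now > record.expiresAt) return { ok: false, reason: 'expired' };
  if (record.filename !== filename) return { ok: false, reason: 'wrong-file' };
  return { ok: true, filename: record.filename, userId: record.userId };
}
```

With a real database the lookup and delete should be a single atomic statement, so that two concurrent requests carrying the same token cannot both succeed.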