Comments (2)
comment from Alistair:
We approached this in a different way:
– The user clicked on a link to a document. A request is sent to the API checking the user has permission to view the file.
– If the user has permissions a one time token is created, stored in the database and returned to the client.
– The client then makes another request with the token and filename in the query string to a different end point.
– The API checks to make sure the token exists, has not expired and is for that file. The file is then downloaded. The token is then deleted.
All this was done in an Angular directive so all the user did was click on the link. This is a slightly longer process but gets round the problem of the token appearing in the URL and being logged. If someone tries to use the same token it doesn’t matter as it no longer exists.
from aspnet6identityserver4angularoidcflows.
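
The server side of the flow described in the comment above, as an added example (not code from this repository or from either commenter). The class name, the in-memory store standing in for the database, the 30-second lifetime and the file names are all assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical in-memory store; the comment above used a database table.
public sealed class OneTimeDownloadTokens
{
    private sealed record Grant(string FileName, DateTimeOffset ExpiresAt);
    private readonly ConcurrentDictionary<string, Grant> _grants = new();
    private readonly TimeSpan _lifetime;

    public OneTimeDownloadTokens(TimeSpan lifetime) => _lifetime = lifetime;

    // Call only after the permission check for fileName has passed.
    public string Issue(string fileName, DateTimeOffset now)
    {
        // 256 bits from the CSPRNG, hex-encoded so it is safe in a query string.
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _grants[token] = new Grant(fileName, now + _lifetime);
        return token;
    }

    // True at most once per token, and only for the file it was issued for.
    public bool TryRedeem(string token, string fileName, DateTimeOffset now)
    {
        if (string.IsNullOrEmpty(token)) return false;
        // TryRemove is atomic: of two concurrent requests carrying the same
        // token, only one gets the grant. The token is burned even when the
        // expiry or file-name check below fails.
        if (!_grants.TryRemove(token, out var grant)) return false;
        if (now >= grant.ExpiresAt) return false;
        return string.Equals(grant.FileName, fileName, StringComparison.Ordinal);
    }
}

public static class Demo
{
    public static void Main()
    {
        var tokens = new OneTimeDownloadTokens(TimeSpan.FromSeconds(30));
        var t0 = DateTimeOffset.UtcNow;
        string a = tokens.Issue("report.pdf", t0); // constructed file names
        Console.WriteLine(tokens.TryRedeem(a, "report.pdf", t0.AddSeconds(5)));
        Console.WriteLine(tokens.TryRedeem(a, "report.pdf", t0.AddSeconds(6)));
        string b = tokens.Issue("report.pdf", t0);
        Console.WriteLine(tokens.TryRedeem(b, "other.pdf", t0.AddSeconds(5)));
        string c = tokens.Issue("report.pdf", t0);
        Console.WriteLine(tokens.TryRedeem(c, "report.pdf", t0.AddSeconds(31)));
    }
}
```

Only the first redemption succeeds; the replay, the wrong-file request and the expired token are all rejected. With a database-backed store, the same single-use guarantee needs the lookup and delete to happen in one atomic statement or transaction rather than as a read followed by a separate delete.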
Implemented using one time access ids