JWT Path Auto should work from E-mail link?

Created on 1 August 2024, 8 months ago

I have a question.

If someone paste Drupal file links which link to a private files link. (Something like https://backend.foobar.com/system/files/2024-07/dummy.pdf?jwt=743h873hg2...) should it work and trigger the download, when clicked (and the user has no previous active session)? (jwt_path_auto enabled)

Because I noticed that Drupal is very tied to a session and therefore session cookie. I fumble around with private file downloads and I see so many "access denied" pages, that I just want to make sure that in theory it should work.

Thanks in advance.

💬 Support request

Status

Active

Version

2.1

Component

Miscellaneous

Created by

🇩🇪Germany ro-no-lo

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @ro-no-lo
Comment about 2 months ago →
🇺🇸United States pwolanin
Yes, this should work. JWT modules does not generally check if the user has a session - perhaps it should!

You have to generate the JWT and pick the expiration time. Beware than anyone with access to that link will be able to download the provate file until the JWT expires
Comment about 2 months ago →
🇺🇸United States pwolanin
Comment about 1 month ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024