History: Token Access
Source of version: 26 (current)
! Token Access
See also ((Temporary Users))

New in ((Tiki5)), and improved since ((Tiki9)).

Allows access to content with elevated rights by presenting a token. The primary use of this authentication method is to grant temporary access to content to an external service. Example: an external service needs to crawl your content to make a report.

It is also possible to combine it with ((Share)). This is good if you want to give one-time access to a page or a file without creating a username/password and setting the group and permissions. This is especially useful if you want to share a large file without having to send it via e-mail.

Starting in ((Tiki9)), there is an admin panel at: "__Admin home > Security > Tokens__" (tiki-admin.php?page=security&cookietab#contentadmin1-4):
{img fileId="645" thumb="y" width="500" rel="box[g]" stylebox="border"}

Moreover, ((Tiki9)) brings an interface to manage tokens at (__tiki-admin_tokens.php__). For instance, if you have shared permissions to view some page with one friend, you would have one token generated for your page, which can be listed with this interface:
{img fileId="646" thumb="y" width="500" rel="box[g]" stylebox="border"}

If you want to create new tokens by hand, you can do that with the tab "Add new token".
If the SEFURL feature is not active, you need to copy and paste the full URL of the page into the "Full URL" field in the "tiki-" format, as shown in the image above. If the SEFURL feature is active, you need to copy and paste the SEFURL-style URL, like -+/R202312C testing+-.
In the "Groups" field, insert the groups whose permissions should be applied to the user or service accessing the page with the token, as if they were a member of those groups.
{img fileId="647" thumb="y" rel="box[g]" width="500" stylebox="border"}

One use case for this manual setting of token access is to manage Batch actions that can be run by cron jobs set on external servers.
See more information in ((Batch))

Another use case is to give crawlers access to page contents for indexing your site or feeding an AI. You may consider accessing the simpler print version of pages using URLs such as -+/tiki-print.php?page=R202312C+testing&TOKEN=…+-.

! Using a token
{CODE(caption="A token looks like this")}http://demo.tiki.org/trunk/tiki-index.php?TOKEN=937d83bc9dc6ede58d247df505011t43{CODE}

! Limitations
* You cannot edit already created tokens.
* The token parameter requested in the URL must always be in uppercase letters: -+TOKEN=...+-.
* When using a token with group permissions (for example __Registered__), the user inherits the permissions of that group but is __not considered an actual member of the group__. As a result, the `{GROUP}` plugin will not recognize the token user as belonging to the group.
^Example: If an anonymous user visits a page using a token with __Registered__ permissions:
{CODE()}
Seen by Anonymous.
{GROUP(groups="Registered")}
Seen by Registered.
{GROUP}
{CODE}
Result will be
{CODE()}Seen by Anonymous.{CODE}
^
To overcome this limitation, we recommend using ((Temporary Users)), since they are treated as actual group members. This ensures that content within {GROUP} blocks is properly displayed.
* The URL used to generate the new token should not contain any URL-encoded values, like -+%2C+-, or any multivalue array field parameters with square brackets, like -+listfields[[]+-. For example, using a URL like this will fail:
{CODE()}https://yoursite/tiki-ajax_services.php?controller=tracker&action=export_items&trackerId=3&encoding=UTF-8&separator=%2C&delimitorL="&delimitorR="&CR=%25%25%25&listfields[]=2&listfields[]=3&recordsMax=-1{CODE}
* You will get the error message "__Token Error__: Your access to this page has expired" when you try to access that page using the token. Instead, you need to use a URL like this to create the token:
{CODE()}https://yoursite/tiki-ajax_services.php?controller=tracker&action=export_items&trackerId=3&encoding=UTF-8&separator=,&CR=%%%&recordsMax=-1{CODE}
Then accessing the URL using -+~np~https://yoursite/tiki-ajax_services.php?controller=tracker&action=export_items&trackerId=3&encoding=UTF-8&separator=,&CR=%%%&recordsMax=-1&TOKEN=...~/np~+- will work.

-=Related=-
* ((PluginGetAccessToken))
* ((Batch))
* ((Tokens))
* ((PluginArchiveBuilder))

-=aliases=-
(alias(Token)) | (alias(TokenAccess)) | (alias(Tokens)) | (alias(Security Token))
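
The URL rules from the Limitations section, written as a pre-flight check to run on a URL before it is pasted into "Add new token" or requested with a token. This is an added example, not part of Tiki or of the original page; the function name `token_url_problems` and the sample token value are made up for illustration.

```python
import re
from urllib.parse import urlsplit

# A percent sign followed by two hex digits is a URL-encoded byte (e.g. %2C).
# A bare "%%%" is not matched, which mirrors the working URL on this page.
PCT_ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")

# The two URLs below are the failing and working examples quoted on this page.
FAILING_URL = ('https://yoursite/tiki-ajax_services.php?controller=tracker'
               '&action=export_items&trackerId=3&encoding=UTF-8&separator=%2C'
               '&delimitorL="&delimitorR="&CR=%25%25%25'
               '&listfields[]=2&listfields[]=3&recordsMax=-1')
WORKING_URL = ('https://yoursite/tiki-ajax_services.php?controller=tracker'
               '&action=export_items&trackerId=3&encoding=UTF-8&separator=,'
               '&CR=%%%&recordsMax=-1')


def token_url_problems(url):
    """Return the reasons a URL conflicts with the limitations listed above."""
    problems = []
    parts = urlsplit(url)
    if PCT_ENCODED.search(parts.path):
        problems.append(f"URL-encoded value in path: {parts.path}")
    for pair in parts.query.split("&"):
        if not pair:
            continue
        name, _, _value = pair.partition("=")
        if "[" in name or "]" in name:
            problems.append(f"array-style parameter: {name}")
        if PCT_ENCODED.search(pair):
            problems.append(f"URL-encoded value in: {pair}")
        # The access URL must spell the parameter exactly as TOKEN.
        if name.upper() == "TOKEN" and name != "TOKEN":
            problems.append(f"token parameter must be uppercase: {name}")
    return problems


if __name__ == "__main__":
    for label, url in (("failing", FAILING_URL), ("working", WORKING_URL)):
        print(label, token_url_problems(url) or "no problems found")
    # Constructed token value, for illustration only.
    print(token_url_problems(WORKING_URL + "&token=0123456789abcdef"))
```

An empty list means only that none of the documented limitations were hit; it does not confirm that the token itself is valid or unexpired.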