Loading...
 

Token Access

New in Tiki5, and improved since Tiki9.

Allows to access the content with superior rights with the presentation of a token. The primary use of this authentication method is to grant temporary access to content to an external service. Ex.: an external service needs to crawl your content to make a report.

It is also possible to combine with Share. This is good if you want to give a one time access to a page or a file, without creating a username/password and setting the group and permissions.

This is especially useful if you want to share a large file without having to send it via e-mail.

Starting in Tiki9, there is an admin panel at: "Admin home > Security > Tokens" (tiki-admin.php?page=security&cookietab=5):

tiki9_token_access_security_admin_panel_tokens.png


Moreover, Tiki9 brings an interface to manage tokens at (tiki-admin_tokens.php). For instance, if you have shared permissions to view some page with one friend, you would have one token generated for your page, which can be listed with this interface:

tiki9_token_access_admin_tokens_list.png


If you want to create new tokens by hand, you can do that with the tab "Add new token". In the "Full URL" field you need to copy paste the full URL of the page in the "tiki-" format. It does not work with SEFURLs yet (as of Tiki 12.x). In the "Groups" field you insert the Groups you want to be "applied" on the user or a service accessing the page with the token as if they were a member of that group.

tiki9_token_access_admin_tokens_new.png


One use case for this manual setting of token access is to manage Batch actions, that can be run based on cron jobs set on external servers. See more information in Batch

Using a token

A token looks like this
http://demo.tiki.org/trunk/tiki-index_raw.php?TOKEN=937d83bc9dc6ede58d247df505011t43

Limitations

You cannot edit already created tokens.

The token param requested in the URL must always be in uppercase letters: TOKEN=....

The URL used to generate the new token should not contain any URL encoded values, like %2C, and any multivalue array field params with square brackets, like listfields[]. For example using URL like this will fail: 

https://yoursite/tiki-ajax_services.php?controller=tracker&action=export_items&trackerId=3&encoding=UTF-8&separator=%2C&delimitorL="&delimitorR="&CR=%25%25%25&listfields[]=2&listfields[]=3&recordsMax=-1


You will get an error message "Token Error: Your access to this page has expired" when you try to access that page using the token.

Instead you need to use URL like this to create the token: 

https://yoursite/tiki-ajax_services.php?controller=tracker&action=export_items&trackerId=3&encoding=UTF-8&separator=,&CR=%%%&recordsMax=-1


Then accessing the URL using https://yoursite/tiki-ajax_services.php?controller=tracker&action=export_items&trackerId=3&encoding=UTF-8&separator=,&CR=%%%&recordsMax=-1&TOKEN=... will work.

Related
aliases

Token | TokenAccess | Tokens | Security Token

History Source
List Slides
Export PDF
Handouts
Exit Slideshow