Loading...
 
Skip to main content

History: Token Access

View published page

Source of version: 23 (current)

Copy to clipboard
            ! Token Access
See also ((Temporary Users))

New in ((Tiki5)), and improved since ((Tiki9)).

Allows to access the content with superior rights with the presentation of a token. The primary use of this authentication method is to grant temporary access to content to an external service. Ex.: an external service needs to crawl your content to make a report.

It is also possible to combine with ((Share)). This is good if you want to give a one time access to a page or a file, without creating a username/password and setting the group and permissions.

This is especially useful if you want to share a large file without having to send it via e-mail.

Starting in ((Tiki9)), there is an admin panel at: "__Admin home > Security > Tokens__" (tiki-admin.php?page=security&cookietab=5):

{img fileId="645" thumb="y" width="500" rel="box[g]" stylebox="border"}

Moreover, ((Tiki9)) brings an interface to manage tokens at (__tiki-admin_tokens.php__). For instance, if you have shared permissions to view some page with one friend, you would have one token generated for your page, which can be listed with this interface:

{img fileId="646" thumb="y" width="500" rel="box[g]" stylebox="border"}

If you want to create new tokens by hand, you can do that with the tab "Add new token".
If the SEFURL feature is not active, in the "Full URL" field you need to copy paste the full URL of the page in the "tiki-" format as shown on the image above.
If the SEFURL feature is active, you need to copy paste the SEFURL style URL like -+/R202312C testing+-.

In the "Groups" field you insert the Groups you want to be "applied" on the user or a service accessing the page with the token as if they were a member of that group.
 
{img fileId="647" thumb="y" rel="box[g]" width="500" stylebox="border"}

One use case for this manual setting of token access is to manage Batch actions, that can be run based on cron jobs set on external servers. See more information in ((Batch))
Another use case is to give access to page contents to crawlers for indexing your site or feeding an AI. You may consider accessing the simpler print version of pages using URLs such as -+/tiki-print.php?page=R202312C+testing&TOKEN=…+-.
! Using a token
{CODE(caption="A token looks like this")}http://demo.tiki.org/trunk/tiki-index.php?TOKEN=937d83bc9dc6ede58d247df505011t43{CODE}

! Limitations
You cannot edit already created tokens.

The token param requested in the URL must always be in uppercase letters: -+TOKEN=...+-.

The URL used to generate the new token should not contain any URL encoded values, like -+%2C+-, and any multivalue array field params with square brackets, like -+listfields[[]+-. For example using URL like this will fail:
{CODE()}https://yoursite/tiki-ajax_services.php?controller=tracker&action=export_items&trackerId=3&encoding=UTF-8&separator=%2C&delimitorL="&delimitorR="&CR=%25%25%25&listfields[]=2&listfields[]=3&recordsMax=-1{CODE}

You will get an error message "__Token Error__: Your access to this page has expired" when you try to access that page using the token.

Instead you need to use URL like this to create the token:
{CODE()}https://yoursite/tiki-ajax_services.php?controller=tracker&action=export_items&trackerId=3&encoding=UTF-8&separator=,&CR=%%%&recordsMax=-1{CODE}

Then accessing the URL using -+~np~https://yoursite/tiki-ajax_services.php?controller=tracker&action=export_items&trackerId=3&encoding=UTF-8&separator=,&CR=%%%&recordsMax=-1&TOKEN=...~/np~+- will work.

-=Related=-
* ((PluginGetAccessToken))
* ((Batch))
* ((Tokens))
* ((PluginArchiveBuilder))
-=aliases=-
(alias(Token)) | (alias(TokenAccess)) | (alias(Tokens)) | (alias(Security Token))