Skip to main content

Expiring URL's

Expiring URL's is a feature that provides a user temporary access to specific resources or pages within an application. This can be useful for sharing sensitive information or granting time-limited access to certain content. An example of this is the customer feedback form which can be used to submit feedback without requiring a user to login.

How do I use expiring URL's with Blueprint?

To use expiring URLs in Blueprint, the middleware and matcher are configured for the /anon route. When a user accesses an expiring URL, the middleware takes the preSignedKey from the URL and uses this as the input value of the ObtainKrakenTokenQuery mutation. If the mutation is successful, a token is contained within the response and is stored within a cookie. If the URL has expired, contains an invalid preSignedKey or an error is returned, the user will be denied access and is redirected to the login page.

How long does an expiring URL remain valid?

The length of time can vary depending on the URL, generally according to the permissions it grants. The token stored within the cookie is set to expire using the value obtained from the ObtainKrakenTokenQuery mutation to ensure the session expires coincidentally.