Expiring URLs
Expiring URLs is a feature that gives a user temporary access to specific resources or pages within an application. This can be useful for sharing sensitive information or granting time-limited access to certain content. An example of this is the customer feedback form, which can be used to submit feedback without requiring a user to log in.
How do I create expiring URLs with Blueprint?
To create an expiring URL in Blueprint, you first need to create a page in the pages/anon/[preSignedKey] folder. This allows the middleware to detect your preSignedKey in the URL. You can then add other tokens that you need as normal, so for example:
is the full URL for submitting customer feedback to a given feedback form. You can use the test environment to generate appropriate test data to add to the URL.
How does it work?
When a user accesses an expiring URL, the middleware takes the preSignedKey from the URL and uses this as the input value of the ObtainKrakenTokenQuery mutation. If the mutation is successful, a token is contained within the response and is stored within a cookie.
If the URL has expired, contains an invalid preSignedKey, or an error is returned, the user is denied access and redirected to the login page.
Can I use a custom base route for anonymous urls?
Yes! When you import the authMiddleware from @krakentech/blueprint-auth and add it to a middleware file in your app, you can set various properties of your appRoutes.
Here is an example of how to set up a custom anon route which looks like:
https://your-app-domain.com/customer-satisfaction/A-FAKE/foobar
import { NextRequest, NextResponse } from "next/server";
import { authMiddleware } from "@krakentech/blueprint-auth";

export default async function middleware(req: NextRequest) {
  const res = NextResponse
  const authMiddlewareResponse = await authMiddleware({
    req,
    res,
    krakenConfig: {
      graphqlEndpoint: BASE_API_URL,
      xClientIpSecretKey: KRAKEN_X_CLIENT_IP_SECRET_KEY,
    },
    appRoutes: {
      dashboard: {...},
      login: {...},
      masquerade: {...},
      anon: {
        // both base routes are treated as anonymous (expiring URL) routes
        path: [
          "/anon",
          "/customer-satisfaction",
        ],
        getPreSignedKey: (url) => {
          // for this path the key is the third path segment:
          // /customer-satisfaction/<account number>/<preSignedKey>
          if (url.pathname.startsWith("/customer-satisfaction")) {
            const [_customerFeedback, _accountNumber, preSignedKey = null] =
              url.pathname.split("/").filter(Boolean)
            return {preSignedKey}
          }
          // in the default case we look for a search param
          return {preSignedKey: url.searchParams.get("token")}
        },
      },
    },
  });
  // hand the auth middleware's response back to Next.js
  return authMiddlewareResponse
}
How long does an expiring URL remain valid?
The length of time can vary depending on the URL, generally according to the permissions it grants. The token stored within the cookie is set to expire using the value obtained from the ObtainKrakenTokenQuery mutation, so that the cookie and the session expire at the same time.
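
The deny-by-default flow from "How does it work?" and the cookie lifetime rule above, as an added sketch that is not Blueprint's own code. The result shape (an expiresAt in epoch seconds), the cookie name anonToken, the /login path and the function names are assumptions made for illustration.

```typescript
// Added sketch, not Blueprint's code. Assumed: the result shape (expiresAt in
// epoch seconds), the cookie name "anonToken" and the "/login" path.
type ExchangeResult =
  | { ok: true; token: string; expiresAt: number }
  | { ok: false; error: string };

type Decision =
  | { action: "allow"; cookie: string }
  | { action: "redirect"; location: string };

// Same extraction rule as the custom anon route shown on this page.
function getPreSignedKey(url: URL): string | null {
  if (url.pathname.startsWith("/customer-satisfaction")) {
    return url.pathname.split("/").filter(Boolean)[2] ?? null;
  }
  return url.searchParams.get("token");
}

// `exchange` stands in for the awaited token mutation; kept synchronous here
// so the decision logic can be exercised without a network call.
function decideAnonAccess(
  url: URL,
  exchange: (preSignedKey: string) => ExchangeResult,
  nowSec: number,
): Decision {
  const denied: Decision = { action: "redirect", location: "/login" };
  const key = getPreSignedKey(url);
  if (!key) return denied; // no key in the URL: do not call the API at all
  let result: ExchangeResult;
  try {
    result = exchange(key);
  } catch {
    return denied; // transport or server error: fail closed
  }
  if (!result.ok) return denied; // expired or invalid preSignedKey
  const maxAge = Math.floor(result.expiresAt - nowSec);
  if (maxAge <= 0) return denied; // token is already past its expiry
  // Cookie lifetime comes from the token's expiry, so both lapse together.
  const cookie =
    `anonToken=${encodeURIComponent(result.token)}; Max-Age=${maxAge}; ` +
    "Path=/; HttpOnly; Secure; SameSite=Lax";
  return { action: "allow", cookie };
}
```

Every failure path returns the same redirect, so a caller cannot tell an expired key from an invalid one.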