What modules are using the query term "token" for access control?

Sadaf_N · January 21, 2016, 7:17pm

I have seen that couple media sites are using the “token” query term for
access control to some media content and I was wondering what module can
do that?
For examples the request:
http://example.com/media/111111.mp4?token=xyz_very_long_token

allows access to only this 111111.mp4 specific file and not to
111112.mp4 .

I can write a web application that does the same thing but was wondering
what might be used if there are couple web servers and couple content
servers. In this specific case the token should be either shared between
the servers or that the token has some encrypted data in it.
Are there any modules that implements this function?

Thanks,
Eliezer

elico · January 21, 2016, 11:54pm

On 21/01/2016 20:38, nanaya wrote:

Something like this?
Module ngx_http_secure_link_module

No.
The idea is that a client have the full url to the resource but it will
be restricted using a token.
The token can be either stored in a DB such as memcached\redis or
another option.

If such a thing doesn’t exist I would probably write something up (not
for nginx)

Thanks,
Eliezer

elico · January 21, 2016, 7:38pm

Hi,

On Fri, Jan 22, 2016, at 03:16, Eliezer C. wrote:

what might be used if there are couple web servers and couple content
servers. In this specific case the token should be either shared between
the servers or that the token has some encrypted data in it.
Are there any modules that implements this function?

Something like this?
http://nginx.org/en/docs/http/ngx_http_secure_link_module.html

elico · January 23, 2016, 11:21pm

I wanted to mention a nice video about tokens in apis.

Eliezer