Generate access token in a rule to get user info after redirect

Help
, , ,
1

I used rules to redirect all unverified users to a custom page that asks to verify email.
To show user’s email I used query param:

context.redirect = {
  url: `${configuration.WEBSITE_URL}/email-verification?email=${encodeURIComponent(user.email)}`
};

There is a way to generate an access token that will allow fetching information for one particular user?
Because I don’t want to use query parameters for security reasons.

Instead of it, I want to use something like:

const token = genToken(user.user_id);
context.redirect = {
  url: `${configuration.WEBSITE_URL}/email-verification?token=${token}`
};
2

try to use post-login action instead of rules with that you can do this securely.

action-redirect

2 Likes
3

Teamwork makes the dreamwork!

4

Do you mean something like this?

Maybe do you know a way to do the same stuff from rules?
Because we have a lot of code and it will be not easy to transfer all of them into the actions

5

I am not 100% sure but I think you can’t do this with rules. but in your case, if you can decouple redirection-related logic from the current rule and put it into action and it will be a secure approach.

6

because in our example we are doing the same thing with (actions) and if you really want to use rules just throw and access deny error and handle logic by yourself.

7

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.