Generate presigned url

Hi Auth0 team,

is it possible to generate a presigned url using auth0? the requirement is to send a url to a protected content but user need not have to login to access the URL. also, is there a way to shorten the jwt token for the same purpose?

thank you.
Prasad

1 Like

Hi @praskatti,

I don’t believe there is a built-in way to generate pre-signed URLs for unauthenticated users using Auth0. Since authentication isn’t required to access the content, then it would not be protected by Auth0. If you instead want to create short-lived sessions for this content that end when the user closes the browser, then you could look into Non-Persistent Sessions

Without authentication, one way to accomplish something like this that comes to mind would be to use a JWT library to generate a JWT and store the JWT’s jti (JSON Web Token Identifier) claim in your database as a key. In your database, you could store data related to the JWT such as the resource ID for the content, etc. The benefit of using a JWT would be that you could verify that the token has not been tampered with and that it originated in your app, but you could also use a random opaque string instead of a token to accomplish the same thing. However, since the user isn’t logging in, there will be no Access Token/ID Token issued to this user, and so the content would be available to anyone who has the URL.

There is a discussion about a similar concept in this topic: Get tokens for users who don't exist

Thanks Stephanie. I concur with your thoughts. Opaque tokens with a short TTL backed by a database should work well here.

thanks also for the reference to the link.

Cheers
Prasad

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.