I have an app which has 2 separate forms on separate endpoints. App runs on expressjs.
All endpoints of the app are protected, if the user is not logged in they cannot get/post to the endpoints.
I would like to have a dynamic url for rendering the second form based on who filled out the first form.
I have managed to get everything working with generating random url ( e.g sGGjgSPyen).
But I’m getting problems when I try to generate a magic-link like thing… I would like to have authorization to the second form when I use the generated random url, not the token I signed the data with.
At the moment if from the first form post request is made, I am generating the url and then signing it with jsonwebtoken, and if I make a get request to the url I have generated I will verify the url.
But I am not authorized to make that get request. However, if I replace the token with the generated url I have access.
Am I missing something or how could I sign a token to url “sGGjgSPyen”, and then access the second form from the url.
Thank you in advance.