Authenticating frontend access via URL params

Hello, I have a conceptual question…

I do not have all the information yet, however a client’s cyber security team are interested in looking at the possibilities of providing frontend access to a Kirby site via a link with URL params hosted on a different website. I assume the URL params would be generated by them on the fly, then provided to their end user.

For example:

https://example.com/?unique-token=xxx&timestamp=yyy

They have the idea that via a route, the site checks the unique token to see if it’s valid and if so a Kirby session is created. I am struggling to think how the Kirby site would validate the token.

Would I be correct in thinking that the unique token would have to be checked back with their app via an API call, or is there any other way to have this kind of implementation (for example JSON Web Tokens)?

Thanks a lot!

If I understand you correctly, they want to generate the token on server A while the Kirby site is running on server B. In this case, I think indeed Kirby would need to check with server A, via an API call or something, if the token is valid, as server B wouldn’t have a chance to check it itself (except if the token is built in a way that can be reproduced by server B).

This would likely be implemented in the page controller, and if the check doesn’t succeed, the user is redirected or an error is shown, etc.
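
The case mentioned in the reply above, where the token is built so that server B can reproduce it, can be done with a keyed hash over the timestamp. This is an added example, not code from the thread or from Kirby: it assumes both servers share a secret out of band and that server A sets `unique-token` to the hex HMAC-SHA256 of `timestamp`; the function names, the secret and the time window are hypothetical.

```php
<?php
// Added example: names, secret and window are assumptions, not Kirby API.
const MAX_AGE_SECONDS = 300;    // assumed lifetime of a link
const CLOCK_SKEW_SECONDS = 30;  // assumed tolerated clock drift between A and B

// What server A is assumed to compute when it builds the link.
function signTimestamp(string $secret, string $timestamp): string
{
    return hash_hmac('sha256', $timestamp, $secret);
}

// What server B runs in the route before creating a session.
function verifyLink(string $secret, array $query, int $now): bool
{
    $token = $query['unique-token'] ?? null;
    $timestamp = $query['timestamp'] ?? null;

    // Repeated or array-style params arrive as arrays; reject them.
    if (!is_string($token) || !is_string($timestamp)) {
        return false;
    }
    // Digits only, so the value signed is exactly the value compared.
    if (preg_match('/\A[0-9]{1,12}\z/', $timestamp) !== 1) {
        return false;
    }
    $ts = (int) $timestamp;
    if ($ts > $now + CLOCK_SKEW_SECONDS || $now - $ts > MAX_AGE_SECONDS) {
        return false; // dated in the future, or expired
    }
    // Recompute the MAC and compare in constant time.
    return hash_equals(signTimestamp($secret, $timestamp), $token);
}

// Constructed demo values; a real secret comes from configuration.
$secret = 'constructed-demo-secret';
$now = 1700000000;
$stamp = (string) ($now - 60);
$good = ['unique-token' => signTimestamp($secret, $stamp), 'timestamp' => $stamp];
$old = (string) ($now - 3600);
$cases = [
    'fresh link' => $good,
    'expired link' => ['unique-token' => signTimestamp($secret, $old), 'timestamp' => $old],
    'timestamp changed' => ['timestamp' => (string) $now] + $good,
    'token missing' => ['timestamp' => $stamp],
];
foreach ($cases as $label => $query) {
    printf("%-18s %s\n", $label, verifyLink($secret, $query, $now) ? 'accept' : 'reject');
}
```

A link verified this way stays replayable until it expires unless server B also records the tokens it has already accepted, and the URL can end up in logs and browser history, so the window should be kept short.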