The Access token feature lets developers secure a specific feature. Access tokens are strings that represent a user and optionally a feature and a related content. Every token is generated for a single user and expires after a configured time. These tokens may be sent to the client and when the client sends it back to the server, the feature may use it to identify the user (and possibly a related content) represented by the token.
For example the Edit documents in the browser feature uses access tokens to let users open documents through the external Office Online Server securely.
This developer feature has a server-side C# api that is able to generate, validate and manage access tokens. Tokens are stored using a dedicated data provider extension, which makes token storage customizable.
The access token life cycle is managed by the system: developers may rely on the built-in mechanism to clean up expired tokens, or tokens generated for users or related content items that are deleted.
All token operations are made through the
AccessTokenVault class and its methods.
Creates a new token for the provided user with the specified timeout. The token can be content- or feature-specific. This depends on the business needs of the feature where the token API is called from.
var token = AccessTokenVault.CreateToken(userId, timeout, contentId, feature);
Loads an existing token or creates a new one for the given user with the specified timeout. If there is an existing token that expires in less then 5 minutes, this method issues a new one.
var token = AccessTokenVault.GetOrAddToken(userId, timeout, contentId, feature);
Returns the token by the specified value and filters if exists. The ‘contentId’ or ‘feature’ parameters are necessary if the original token was emitted by these.
var token = AccessTokenVault.GetToken(tokenString, contentId, feature);
Returns all tokens of the User.
var tokens = AccessTokenVault.GetAllTokens(userId);
Returns true if the specified token value exists and has not yet expired. The ‘contentId’ or ‘feature’ parameters are necessary if the original token was emitted by these.
var tokenExists = AccessTokenVault.TokenExists(tokenString);
Assumes the token value existence. Missing or expired token causes
Updates the expiration date of the specified token value. Missing or expired token causes
Deletes the specified token regardless of its expiration date.
Deletes all tokens of the provided user regardless of their expiration date.
Deletes the tokens related to the specified contentId regardless of expiration date.
Deletes all AccessTokens even if they are still valid.
Is something missing? See something that needs fixing? Propose a change here.