Shared URL Authorization

[EnigmaCurry]

There should be an easier way to share urls with others who don't have Oauth2 accounts pre-provisioned. You ought to be able to send a link to someone and just have them click on it to gain access.

You could use HTTP Basic auth and get a URL like https://user:[email protected] and this does in fact work, it is cumbersome because depending on how the user decides to open the url, and what browser they are using, the credentials might not automatically transfer, causing friction for sharing purposes.

• Proposal

I propose a new form of sentry authorization to be called "Shared URL Authorization", which will require a pre-shared token to be provided in the query args with a configurable query argument name. For example:

## Access denied without the token:
curl https://app.example.com

## Access is granted with the token, and a cookie is set:
curl -c cookies.txt https://app.example.com/?auth=xxxx

## Access is also granted with just the cookie:
curl -s cookies.txt https://app.example.com

• Config

You can configure multiple tokens as a comma separated list (therefore commas are invalid token characters):

WHOAMI_SHARED_URL_AUTHORIZATION_QUERY_ARG=auth
WHOAMI_SHARED_URL_AUTHORIZATION_TOKENS=xxxx,aaaa,bbbb

Any token will grant the same access.