Protecting content from improper access with Azion Secure Token

Azion Secure Token is a serverless integration available at Azion Marketplace.

This integration allows you to process and validate tokens that can be used to control access to restricted or customized content. Lessons, videos, and images, for example.

Despite the fact that access to this content is granted through interfaces that demand user authentication, it’s possible to view these files directly by entering their URL, which makes them simple to distribute. The access is only granted after the token has been validated with the use of Secure Token, even if a URL is shared.

Other benefits of Secure Token include:

  1. Flexibility in application development.
  2. Decentralized edge infrastructure to process the tokens.
  3. Capability of applying business rules at the edge.

How the Secure Token integration works

Section titled How the Secure Token integration works

When implementing Secure Token access controls, the source application and the function on the edge have different roles:

  • Originating application: determines the logic around how the token is generated and also determines how users’ access will be controlled. For example, which authentication method (OAUTH, OpenID Connect, etc.) will be used. The Token is a hash of the URL, whose content is being requested. It includes an expiry period for the token itself and a secret key.

  • Secure Token: validates the token generated by the application for each request received and sent by the user. If the token has expired, the secret key isn’t correct, or the token isn’t valid for the relevant URL, the access to the content will be denied.

It’s also possible to combine these with other elements to define which behavior should be applied (authorize access or forward to the application, usually a login/sign-up page).

Installing the Secure Token integration

Section titled Installing the Secure Token integration

The Secure Token is an integration available on the Azion Marketplace. This integration can be accessed through Azion Console by selecting Products menu, indicated by the three horizontal lines on the upper-left corner, and then Marketplace.

Once you got to the Marketplace homepage, you can use the search box to find the Secure Token integration, or you can navigate through the cards until you find the Secure Token card. Click on it to get redirected to the Secure Token homepage. On the homepage, look for the Subscribe for section on the bottom-right corner and click on the Get it now button.

Defining the execution Criteria (Rules Engine)

Section titled Defining the execution Criteria (Rules Engine)

The Rules Engines determine the set of criteria that need to be met for behaviors to be executed. You can either use the Default Rule or create a new rule after setting the validation parameters for the edge application to be executed.

To define the validation criteria, choose the variables, comparison operators, and strings to create your business rule.

For example:

If: ${uri} starts with /classes

Logic: logical operator, variable, comparison operator, string.

The rule is executed if the URL accessed starts with the string “/classes”.

To define the behaviors, add the actions you want to be carried out when the rule’s conditions are met.

For example:

Then: Run Function MySecureToken

Logic: logical operator, action, function.

In this example, if the conditions defined in the rules are satisfied, then the MySecureToken function will be executed. If the token received is invalid, the function will return an HTTP status code 403 or 410, depending on the error.

After configuration, click Save, and your edge application will be ready to execute your new function.