I want to provide a presigned S3 URL for authenticated users to download files. I have JWT-based authentication on my backend, and the URL can be generated on my backend based on the token. So if a user is authenticated on a device, they can click on a button and it opens a new tab pointing at the presigned URL. My question is: how do I prevent the user from copying the URL onto an unauthenticated device and accessing the file from there? I referred to "AWS S3 authenticated user access using presigned URLs?", but it doesn't solve my problem.
FYI: https://stackoverflow.com/q/51407211/1207049 – marekful Feb 15 '21 at 11:32
1 Answer
2
Generally no, that is not possible: a pre-signed URL is valid from any browser and any device. You cannot prevent a user from copying and sharing the link.
The only thing you could do is reduce the duration for which the presigned URL is valid. If you open the link in a new tab and set the duration of the presigned URL to only e.g. 5 seconds, you massively reduce the chance or the effect of the user being able to share the link in time.

luk2302