Actions tokens are a particular type of token that allows unauthenticated users to perform some limited and predefined actions.

In this article we will see how to use them to create authenticated download links with a simple and short PHP script intended to run on shared web hosting.

There are several methods for authentication : certificates, passwords, pincode, webauthn, One Time Password…

Choosing an authentication method is not a technical choice : it has hudge impacts on security but also on User eXperience.

This article shows several demos, built with Keycloak, and let you have a perception of User eXperience for each authentication method.

Action tokens are a particular type of token that allows unauthenticated users to perform some limited and predefined actions.

Usual use case are :

• E-mail confirmation
• Credentials reset
• Execute required action(s)
• and any action relevant with the flow and your use cases…
• This article explains what is an action token and how to use it to authenticate users from a link inside a newsletter

OpenVPN allows usage of PAM modules. By using an oauth2 client PAM module and password grant, we can use our own SSO (Keycloak) to authenticate users on a VPN infrastructure.

For Oauth2 providers which do not allow Password Grant, we will use a “token authentication” by providing a valid token instead of a password. Code and demo with Google as authentication provider.