Authenticating Row Data via URL Parameter
Hey y'all I have an app that I'm trying to create the below functionality for:
1. An authenticated user selects an option to share or giveaway data of a row attributed to themselves.
2. This generates a link with a sharingToken parameter in the URL.
3. Authenticated and anonymous users can access this link to view and claim the row data on the app screen (Web and Native).
4a. An authenticated user can claim the row data.
4b. An unauthenticated user is prompted to create an account and then claim the row data.
Currently, the screen with the row data has a toggle that generates a sharingToken nanoid. It stores this as a column in the corresponding table. I'm having some trouble figuring out how to set up an RLS policy that can authenticate the URL parameter with the sharingToken value that's stored in that row in a secure way. Is there a pattern for this that you could share?
1. An authenticated user selects an option to share or giveaway data of a row attributed to themselves.
2. This generates a link with a sharingToken parameter in the URL.
3. Authenticated and anonymous users can access this link to view and claim the row data on the app screen (Web and Native).
4a. An authenticated user can claim the row data.
4b. An unauthenticated user is prompted to create an account and then claim the row data.
Currently, the screen with the row data has a toggle that generates a sharingToken nanoid. It stores this as a column in the corresponding table. I'm having some trouble figuring out how to set up an RLS policy that can authenticate the URL parameter with the sharingToken value that's stored in that row in a secure way. Is there a pattern for this that you could share?
