Is NextCloud capable of using ‘Magic Links’ for sharing files or folders?
I know it’s possible to email a link when you want to share an asset externally. But is there a mechanism that does it in a two stage process where a link is emailed, the user clicks the link to request a time-limited download link to be sent to their email, and they use that emailed link to get the file?
Basically, I’m trying to see if there’s a way to share externally while preventing the external user from sharing the link to the actual asset without having to administer another user account.
Lots of websites do a variation on this, but I’m not clear on the options offered by Nextcloud be it vanilla or via plugins.
(I believe these are called ‘Magic Links’. It would be a seriously useful thing for Nextcloud to add. (and I can’t imagine it need be difficult to implement but who knows?))
You can set the download link count to “1”. For PDFs, for example, you need link count “2” because of open and download. Or you share the direct download link: the share name with /download added.
Hmmn. That’s good to know, though it solves a bit of a different use case.
Would very much like to request the Magic Link approach. It’s a good compromise as it, within acceptable reason, ensures that the downloader has access to the email account to which you’ve sent it, doesn’t hinder their downloads (especially good if sharing a folder), and if the data spreads beyond that (via direct access to your NextCloud), then, more than likely it was done in collaboration with the intended recipient, in which case there are other issues afoot.
Just sharing a link, even with a password, opens up an inadvertent vector if the recipient forwards the email.
Anyway - I think it’s a very good UX and has reasonable (not airtight) security built in.
You can write an issue here. If you have no GitHub account, read some issue examples and send me a PM with your issue text. Then I will copy the issue to GitHub.
I thought of something else. You can also take a look at the Guests app (video). In this case, you invite an email for a share. The person assigns their own password and can access it. Now you just need to find a mechanism so that the guests are deleted regularly. However, as you log in with an email and password, it may not be so bad if guests exist in the user administration for a longer time. Another advantage is that instead of sending a link secret e.g. abcdefghijklmno by an e-mail (SMTP or SMTPS), a password is set for the e-mail address via the Nextcloud GUI directly via HTTPS.
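
The two-stage flow asked about at the top of the thread, sketched as an added example (this is not Nextcloud code and not part of any post): the mailed request link carries only a share ID, and clicking it causes a short-lived, single-use, HMAC-signed download token to be mailed to the address on record. The function names, the in-memory stores and the 15-minute lifetime are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # per-instance signing key (assumption)
TTL = 900                             # download token lifetime in seconds (assumption)
SHARES = {}   # share_id -> (recipient email, path), created by the file owner
USED = set()  # nonces of download tokens that were already redeemed

def create_share(email, path):
    """Owner shares a path; the mailed request link carries only share_id."""
    share_id = secrets.token_urlsafe(16)
    SHARES[share_id] = (email, path)
    return share_id

def _sign(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def request_download(share_id, now=None):
    """Stage 1: a click on the request link mints a short-lived token.
    Returns (email, token); the token must be mailed to the address on
    record and never shown to whoever clicked the link."""
    if share_id not in SHARES:
        return None
    email, _ = SHARES[share_id]
    expires = int(now if now is not None else time.time()) + TTL
    nonce = secrets.token_urlsafe(8)
    body = f"{share_id}.{expires}.{nonce}"
    return email, f"{body}.{_sign(body)}"

def redeem(token, now=None):
    """Stage 2: check signature, expiry and single use; return path or None."""
    try:
        body, sig = token.rsplit(".", 1)
        share_id, expires, nonce = body.split(".")
        expires = int(expires)
    except ValueError:
        return None  # malformed token
    # Constant-time comparison so the check does not leak signature bytes.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None
    now = now if now is not None else time.time()
    if now > expires or nonce in USED or share_id not in SHARES:
        return None
    USED.add(nonce)  # a forwarded copy of the download link no longer works
    return SHARES[share_id][1]
```

A forwarded request link only triggers another mail to the original recipient, and a forwarded download link stops working after first use or after `TTL` seconds, which matches the "reasonable, not airtight" property discussed in the thread.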