Access-controlled Content Not Appearing

URL Examples

The text in that tab was changed. It no longer displays example URLs. This is because the paths at which Tokenauth operates are fully configurable, and I decided I wanted text that would be valid even if an admin changed the paths right away. That text is configurable, and the tokenauth-token is available so you can build relevant example URL's with the user's token.

What Tokenauth Does

All tokenauth does is set things up so Drupal displays content as though the user assigned that token were actually logged in. It does not magically promote content to the front page/main site RSS feed if it is not already there.

I am marking as Postponed to explore the second issue. The first point about example URL's is Won't Fix by Design.

Tokenauth does indeed work that way.

The tricky part of Tokenauth is getting the token into the user's hands in an effective way. That's why I made the text in the user's Token Authentication tab configurable. You can use HTML in configuring that text, including creating an HTML URL to whichever paths you want.

You would then get that token into the user's hands by directing them to that page.

Now, if you want to get crazier... you could implement hook_url_alter_inbound() [using the URL alter module) or the like, and stick the user's token in the URL for easier bookmarking.

That is a completely different sort of issue. I will investigate this tomorrow.

The point of this is that, as far as Drupal is concerned, the page renders exactly as if you were logged in with only the URL token in place.

Could you tell me if you are using Pressflow? Also, what are you using to restrict the nodes in question from anonymous viewing?

I can confirm that you are not crazy. Tokenauth does not seem to be working with Content Access.

Reverting back, I tried it on a non-pressflow system and it was working properly. Looks like I need to revisit pressflow and make sure that issue was properly resolved.

I will investigate that, wipe my testing instance, and try again. But this is starting to look like a Cannot Reproduce. Have you set the module weight of content access to less than -1000?

@tps Sorry I've been busy in the last week.

My impression of something like tokenauth's concept is that it's the only practical way to use RSS feeds containing secured content with RSS Readers in general. Very few of them implement the secured RSS standards which we might otherwise use to make this happen. I've seen the approach around, but I can't start rattling off enterprise uses if that's what you are asking.

In my testing, it worked with Content Access. I will be making time in the next day or two to run through it again. Tokenauth should not have a problem with any standard access control module.

Confirming that it works with Content Access. Are you using any other modules that control content access?

Having the same problem on my site that uses the content access module, though it might be a conflict with another module i am using for permissions (login destination, menu per role, user protect). Either way, accessing a page that needs authentication with the token simply displays an access denied message.

Tokenauth has a module weight of -15 (in dev). Anything that operates earlier than that in hook_init() to change the current user object will be overridden. An example of this would be using Organic Groups User Roles at a lower weight than Tokenauth. The result would be OGUR checking to see if it should add roles tot he anonymous user, probably deciding not to, and ignoring the page load from then on.

Then, Tokenauth will proceed to load the user associated with the token as the current user, depriving OGUR of the chance to make changes.

I don't have time to really troubleshoot this right now. I'm hoping you can tell me ;)

I'm going to call this a fixed support request. There's a lot of great advice in here, but it seems no specific bug.