Record deep links

How can i generate a link to an record from within a workflow?
I want to send an email to a user with an deep link to the record.
Any hints ? :wink:

If your users have access to Corteza

You can manually concatenate a string; copy the URL of the record and replace the recordID (the last big number) within a workflow. There is currently no easier way to do this.
Alternatively, you might want to send it as an email or as a PDF?

if your users don’t have access to Corteza

The link won’t do anything. This may change in the (near) future; to allow external users to access some parts of the system.

Im sending both html and pdf. Html at the stage of an verifing user. And an PDF when all informations in all different stages are confirmed. The PDF gets signed and is ready to get transfered to an DMS and archived later on.

I thought about concatinating a string but i didnt know how to construct the url and i couldnt find in the docs how it schould look like. After your comment i searched for it in the gui and finaly i found it.

So may be someone else is searching for it
https://<domain>/compose/ns/<namespace>/pages/228531567268465288/record/230705027415605312
Substitue IDs and placeholder :wink:

Ok, now i know how to build the url. I played a bit with it and there are 2 things i want to mention.

First:
I login to corteza (tested in Chrome and Firefox) and logout. Now i put my Url in the Navebar and … i m logged in and can change the record ? WTF. I dont have to authenticate to do that.
That should not work, seems that there are still some information in the session which i tried to end.

This leads me to Point 2:
If i try the url in a browser which i didnt used before or clear the session cache i get a message that i m not autenticated - which is correct. In this case it would be nice to get a redirection to login and after that an automatic redirection to the url i tried to access first.

Ok. i just realize that sessions seem to be broken.
If i login with one user - log out and login with a different one i have wrong permissions. I ll investigate that and post an Bug on github.

The first bit works by design (authentication sessions are detached from one another, so cancelling one will not cancel the rest), but I do agree that it might cause confusion. I’ll raise a conversation about this to see how we can expand on the current implementation (\cc @darh )

The second bit seems like a nice addition; I’ll open a ticket for it

This should work you expect it in 2021.3.
If it does not, can you share a screenshot of an error?

This should work you expect it in 2021.3.

Sry, you are right. If i delete all my cookies it works.
The Probelm was i logged in with an user which had no rights for accessing the record. My bad. BUT: The user has logged sucessfully out of the application, so there should have been the auth page…

The sessions seem strange anyway. I clear my cookies, log in as a user (A) with admin rights. All works. I log out.
Now i choose a user (B) which has no roles at all, so only the role Everyone should be valid. After i log in i can see the correct user (->B) in the upper right corner - the one i logged in with. But i still have the permissions of my administration user (A) and if i create a record the field createdBy says the record was created by A.

I m sure sessions are broken.

@tnissen can you maybe share access tokens of both users here?
You’ll see them in the browser’s dev console in network tab under Authorization header in requests firing to the API.

Yes i can, its a test server…

So first i have to add that this time log in and out worked… hmm so i m pretty sure it was not my imagination.
There is one step missing in my usescase above. After User A is logged in it seems i need to open a record. On the record page i log out. (May be one of many cases, i havent enclosed the trigger at all). After loggin in with B… now i have A permissions.

User A token payload:

{
  "aud": "226769329234903079",
  "exp": 1620982312,
  "roles": "2",
  "scope": "profile api",
  "sub": "226774813421600811"
}

User B token payload:

{
  "aud": "226769329234903079",
  "exp": 1620982596,
  "roles": "2",
  "scope": "profile api",
  "sub": "226774813421600811"
}

And to make it complete the token of B with a “clean” login:

{
  "aud": "226769329234903079",
  "exp": 1620983579,
  "roles": "",
  "scope": "profile api",
  "sub": "230128276155138112"
}

Problem was with incomplete removal of auth data from local-store: only tokes from the top-most app (Unify/One) were removed. This is now fixed (2021.3.x branch). You can expect 2021.3.5 with this and some other fixes early next week.