stackoom
  简体   繁体   中英

How can you replace the single-use access tokens in an action-xhr header without using amp-bind?

 原文  2022-03-01 22:32:59       amp-email

Question

Problem

How is it possible to insert a new token (that's returned in the response) into the action-xhr , if we can't use amp-bind ?

Background

From the Gmail markup docs on Limited Use Access Tokens , requests should be signed with an object ID and a unique token.

http://www.example.com/approve?requestId=123&accessToken=xyz

This combination of id + token should be used once. The docs state:

Once this request gets through, any future request with the same id and access token should be rejected too

After completing a successful request, we need to create a new token for a subsequent write.

However, the AMP for Email docs indicate that we can't change the action-xhr for a <form> tag:

The src attribute of amp-list, action-xhr of amp-form, the src for amp-img, or the href attribute of an tag cannot be mutated by amp-bind.

1 answers

solution1
 0  2022-03-02 00:28:44

Limited Use Access Tokens is for the Email Markup feature, which is unrelated to AMP for Email. The documentation recommends rejecting "future request with the same id and access token" probably due to the nature of the One Click Actions feature, where the actions rendered from the markup are mostly one-time action that shouldn't be done repeatedly:

ConfirmAction can only be interacted with once.

https://developers.google.com/gmail/markup/reference/one-click-action#confirm_action

SaveAction can only be interacted with once.

https://developers.google.com/gmail/markup/reference/one-click-action#save_action

This is in contrast to the Go-To Actions feature, where the action can be done multiple times, although obviously only recommended for a simple link without any mutation of states.

There's no such universal recommendation for AMP for Email. It's up to the email sender whether certain actions will be rejected after the first success or can be done repeatedly. You are right that the AMP for Email format doesn't even allow generating dynamic access tokens from within the email, so if the email sender rejects the request after the first success, the sender should probably render some kind of error message (eg, by using a <div submit-error> element under amp-form ) if the user tries to perform some action for a second time. The access token should be hardcoded in the URL of the original email payload. It should still be for limited use by expiring it after 30 days or less.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Use nodemailer to send AMP email How to add a scroll to top button in AMP Email How to add Roboto font to AMP 4 Email How is dynamic data collected and stored in amp email? AMP-HTML mail - how to communicate with the server and fetch json? How to setup dynamic email like amp-email in ruby on rails? How to send AMP Email from Python? How is it technically different from Normal Email AMP emails ads - 'amp-ad' component is unsupported AMP-EMAIL: Iterate list of items from amp-state AMP Email images automatically loading?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM