This topic describes how to authorize access to OSS.

Use STS to authorize temporary access

You can use Alibaba Cloud Security Token Service (STS) to authorize temporary access to OSS. STS is a web service that provides temporary access tokens for cloud computing users. You can use STS to grant a third-party application or a RAM user (whose user ID you manage) an access credential with a customized validity period and permissions. For more information about STS, see What is STS?

STS has the following benefits:

  • You only need to generate an access token and send the access token to a third-party application, rather than exposing your long-term key (AccessKey) to the third-party application. You can customize the access permissions and validity period of this token.
  • The access token automatically expires when the validity period ends.

For more information about how to access OSS by using STS, see Access OSS with a temporary access credential provided by STS in OSS Developer Guide.

The following code provides an example of how to create an OssClient that signs its requests with a temporary access credential from STS:

#include <alibabacloud/oss/OssClient.h>
using namespace AlibabaCloud::OSS;

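int main(void)
{
    /*
     * Initialize the OSS account information.
     *
     * For STS access, AccessKeyId, AccessKeySecret and SecurityToken are
     * expected to be the temporary set issued by STS, not the long-term
     * AccessKey of the account. The literals below are placeholders: in real
     * code, obtain the values at run time instead of compiling them into the
     * binary or committing them to source control.
     */
    std::string AccessKeyId = "yourAccessKeyId";
    std::string AccessKeySecret = "yourAccessKeySecret";
    std::string Endpoint = "yourEndpoint";
    std::string SecurityToken  = "securityToken";

    /* Initialize network resources. */
    InitializeSdk();

    /*
     * Create the client with the temporary credential. Once the token's
     * validity period ends, requests made with it are rejected and a new
     * credential has to be requested from STS.
     */
    ClientConfiguration conf;
    OssClient client(Endpoint, AccessKeyId, AccessKeySecret, SecurityToken, conf);

    /* Release network resources. */
    ShutdownSdk();
    return 0;
}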

Use a signed URL to authorize temporary access

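You can generate a signed URL and provide it to a visitor to grant temporary access. When you generate a signed URL, you can specify its validity period to limit how long visitors can use it. Anyone who obtains the URL can use it until it expires, so keep the validity period short and share the URL only with the intended visitor.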

For information about how to add signature information to a URL so that you can forward the URL to a third party for authorized access, see Generate a signed URL.

  • Use a signed URL to upload an object

    The following code provides an example of how to upload an object through a signed URL:

    #include <alibabacloud/oss/OssClient.h>
    using namespace AlibabaCloud::OSS;
    
    int main(void)
    {
        /*
         * Example: sign a PUT URL for one object, then upload a short string
         * through that URL. Returns 0 on success and -1 if signing or the
         * upload fails.
         *
         * The credential strings are placeholders; real keys should be
         * supplied at run time rather than written into the source.
         */
        const std::string keyId = "yourAccessKeyId";
        const std::string keySecret = "yourAccessKeySecret";
        const std::string endpoint = "yourEndpoint";
        const std::string bucket = "yourBucketName";
        const std::string objectKey = "yourPutobjectUrlName";

        /* Network resources must be set up before any client is used. */
        InitializeSdk();

        ClientConfiguration conf;
        OssClient client(endpoint, keyId, keySecret, conf);

        /* The URL stops working 1200 seconds (20 minutes) from now. */
        const std::time_t lifetimeSeconds = 1200;
        const std::time_t expiresAt = std::time(nullptr) + lifetimeSeconds;

        /* Sign a URL that permits a PUT of exactly this object. */
        auto genOutcome = client.GeneratePresignedUrl(bucket, objectKey, expiresAt, Http::Put);
        if (!genOutcome.isSuccess()) {
            /* Signing failed: report the service error and stop. */
            std::cout << "GeneratePresignedUrl fail"
                      << ",code:" << genOutcome.error().Code()
                      << ",message:" << genOutcome.error().Message()
                      << ",requestId:" << genOutcome.error().RequestId() << std::endl;
            ShutdownSdk();
            return -1;
        }

        /*
         * Printed for demonstration only. The URL by itself authorizes the
         * upload until it expires, so avoid writing signed URLs to shared logs.
         */
        std::cout << "GeneratePresignedUrl success, Gen url:" << genOutcome.result().c_str() << std::endl;

        /* Body of the object to upload. */
        std::shared_ptr<std::iostream> payload = std::make_shared<std::stringstream>();
        *payload << "test cpp sdk";

        /* Upload through the signed URL. */
        auto putOutcome = client.PutObjectByUrl(genOutcome.result(), payload);
        if (!putOutcome.isSuccess()) {
            /* Upload failed: report the service error and stop. */
            std::cout << "PutObjectByUrl fail"
                      << ",code:" << putOutcome.error().Code()
                      << ",message:" << putOutcome.error().Message()
                      << ",requestId:" << putOutcome.error().RequestId() << std::endl;
            ShutdownSdk();
            return -1;
        }

        /* Release network resources. */
        ShutdownSdk();
        return 0;
    }
  • Use a signed URL to download an object

    The following code provides an example of how to use a signed URL to download an object:

    #include <alibabacloud/oss/OssClient.h>
    using namespace AlibabaCloud::OSS;
    
    int main(void)
    {
        /*
         * Example: sign a GET URL for one object, then download the object
         * through that URL. Returns 0 on success and -1 if signing or the
         * download fails.
         *
         * The credential strings are placeholders; real keys should be
         * supplied at run time rather than written into the source.
         */
        const std::string keyId = "yourAccessKeyId";
        const std::string keySecret = "yourAccessKeySecret";
        const std::string endpoint = "yourEndpoint";
        const std::string bucket = "yourBucketName";
        const std::string objectKey = "yourGetobjectUrlName";

        /* Network resources must be set up before any client is used. */
        InitializeSdk();

        ClientConfiguration conf;
        OssClient client(endpoint, keyId, keySecret, conf);

        /* The URL stops working 1200 seconds (20 minutes) from now. */
        const std::time_t lifetimeSeconds = 1200;
        const std::time_t expiresAt = std::time(nullptr) + lifetimeSeconds;

        /* Sign a URL that permits a GET of exactly this object. */
        auto genOutcome = client.GeneratePresignedUrl(bucket, objectKey, expiresAt, Http::Get);
        if (!genOutcome.isSuccess()) {
            /* Signing failed: report the service error and stop. */
            std::cout << "GeneratePresignedUrl fail"
                      << ",code:" << genOutcome.error().Code()
                      << ",message:" << genOutcome.error().Message()
                      << ",requestId:" << genOutcome.error().RequestId() << std::endl;
            ShutdownSdk();
            return -1;
        }

        /*
         * Printed for demonstration only. The URL by itself grants read access
         * to the object until it expires, so avoid writing signed URLs to
         * shared logs.
         */
        std::cout << "GeneratePresignedUrl success, Gen url:" << genOutcome.result().c_str() << std::endl;

        /* Download through the signed URL. */
        auto getOutcome = client.GetObjectByUrl(genOutcome.result());
        if (!getOutcome.isSuccess()) {
            /* Download failed: report the service error and stop. */
            std::cout << "GetObjectByUrl fail"
                      << ",code:" << getOutcome.error().Code()
                      << ",message:" << getOutcome.error().Message()
                      << ",requestId:" << getOutcome.error().RequestId() << std::endl;
            ShutdownSdk();
            return -1;
        }

        /* Release network resources. */
        ShutdownSdk();
        return 0;
    }