In this article, you will learn how the Plumrocket_Token plugin works with access tokens, and why you need it.
An access token is a piece of code that contains the security credentials for a login session and identifies the user, user groups, and privileges. Since Magento is an eCommerce platform, it uses a lot of customer-related data in different ways, which requires data to be protected. Therefore, we use tokens so that Magento can securely process customer data by hiding the customer ID.
How Plumrocket_Token Extension Works
The plugin is used within the Data Privacy extension to provide secure access to the Privacy Center Dashboard for guest users. Let’s find out how exactly it works.
According to data privacy laws (GDPR, CCPA, LGPD, etc.), all visitors can access their personal data collected by your website, as well as submit data deletion or other privacy requests. Registered customers can do this from the Data Privacy Center when logged into the website. However, guest users must provide their email addresses in order to access the Data Privacy Center and all of its features.
After guests provide their email addresses, we send them personal token-based links that allow accessing Privacy Center and submit different requests associated with their device.
Token Lifetime
All token-based links are valid only for a limited time for security reasons. Setting an expiration date for tokens prevents third parties from grabbing them and accessing very sensitive user data. You can easily set the token lifetime from your Magento admin panel. From the main Magneto menu, go to Plumrocket -> Data Privacy -> Configuration, and navigate to the Guest Link Expiration option.
Other Uses of Plumrocket Token Extension
The Plumrocket Token plugin is also used in the Magento 2 Advanced Reviews & Reminders extension to ensure security when leaving product reviews directly from the email.
Also, the CCPA, AMP Email, and other extensions include the Token plugin for similar purposes.
All in all, the Plumrocket_Token extension is a necessary tool for other Plumrocket plugins to ensure customer data privacy when accessing website account without providing authentication data.