Obtain an authorization code by using the on-demand authorization function of Alibaba Cloud Security Token Service (STS).
Log on to the OSS browser by using the authorization code.
For details, visit https://help.aliyun.com/document_detail/31935.html
Create a role in accordance with the instructions described in STS On-demand Access Authorization.
-
Log on using the Access Key of a subaccount rather than the primary account.
-
The subaccount must be assigned the "AliyunSTSAssumeRoleAccess" and "AliyunRAMReadOnlyAccess" permissions and the permission to access the directory to be authorized.
Subaccount authorization (recommended configuration for novice users):
Authorization in the OSS browser:
The authorization code generated by a program must adopt the following format:
var opt = {
id: "",
secret: "",
stoken: "",
privilege: "",
expiration: "",
osspath: "",
};
//toString
opt = JSON.stringify(opt);
//base64 encode
Buffer.from(opt).toString("base64");For details, see the following code: app/main/files/modals/grant-token-modal.js.
Generated by a program must adopt the following format:
var opt = {
id: "",
secret: "",
desc: "",
region: "oss-cn-shenzhen",
osspath: "oss://your-bucket/test/",
eptpl: "http://{region}.aliyuncs.com",
};
//toString
opt = JSON.stringify(opt);
//base64 encode
Buffer.from(opt).toString("base64");