OK, thanks. And should I require the user to be signed in in order to access the page he will be directed to after clicking the link, or make it public (protected by a signed URL)? For example, if he generated a link, signed out of my app and then clicked the link in the email, should it work in this case?
@DEVFREY - Thank you for the help. By rate limiting, do you mean I should limit the rate at which a user can generate those links (for example, 1 per 5 minutes)? Am I getting it right?
Hello, I'm making a web application in Laravel and users will have the option to delete their account. But when they click the button to delete the account, I want them to confirm this action through an e-mail sent to them. They will have to click a link in the email to proceed with deleting the account.
My question is how I should implement this system so it will be secure, and what are the best practices?
So far I've heard about using Signed URLs, but I didn't find information about the security of this system.
Is OAuth the way to go about it?
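
The signed-URL idea raised in the question, as an added example that is not part of the original thread and is not Laravel's own code: an HMAC binds the confirmation link to one account and one expiry time, so the server can reject edited or stale links. The function names, `SECRET`, the URL and the timestamp are hypothetical or constructed for the illustration.

```php
<?php
// Added illustration; function names, SECRET and the URL are hypothetical.
const SECRET = 'constructed-demo-key'; // in practice: a long random server-side key

// Build a link whose signature covers the path, the account id and the expiry.
function signDeletionUrl(string $baseUrl, int $userId, int $ttl, int $now): string
{
    $query = http_build_query(['user' => $userId, 'expires' => $now + $ttl]);
    $unsigned = $baseUrl . '?' . $query;
    return $unsigned . '&signature=' . hash_hmac('sha256', $unsigned, SECRET);
}

// Return the account id the link was issued for, or null if it must be refused.
function verifyDeletionUrl(string $url, int $now): ?int
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return null;
    }
    parse_str($parts['query'] ?? '', $params);
    $given = $params['signature'] ?? null;
    if (!is_string($given) || !isset($params['user'], $params['expires'])) {
        return null;
    }
    // Recompute the MAC over everything except the signature itself.
    unset($params['signature']);
    $unsigned = $parts['scheme'] . '://' . $parts['host'] . $parts['path']
        . '?' . http_build_query($params);
    if (!hash_equals(hash_hmac('sha256', $unsigned, SECRET), $given)) {
        return null; // altered parameters or forged signature
    }
    if ((int) $params['expires'] < $now) {
        return null; // authentic but past its lifetime
    }
    return (int) $params['user'];
}

$now  = 1700000000; // constructed timestamp
$link = signDeletionUrl('https://app.example/account/delete/confirm', 42, 1800, $now);
$cases = [
    'within lifetime'    => [$link, $now + 60],
    'account id altered' => [str_replace('user=42', 'user=43', $link), $now + 60],
    'after expiry'       => [$link, $now + 3600],
];
foreach ($cases as $label => [$url, $at]) {
    echo $label, ': ', var_export(verifyDeletionUrl($url, $at), true), PHP_EOL;
}
```

A valid signature and expiry do not make the link single-use; refusing a second click needs server-side state, such as recording that the link was consumed.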