I managed to solve using cookies, but as you said, it is not secure. Although I have no experience, I managed to bypass the control.
Maybe it's not the safest way like I did, in any case it is not recommended to proceed in this way.
I have experience with auth_basic, but using the terminal to create user and password and to grant access.
Too many different information in this topic that I have opened, my fault, I want to simplify it.
I know I previously said I wanted to avoid using Curl, but
I would like to understand the mechanism.
Imagine that the user logs in and i provide him an url, for example:
curl -u {{user.id}}:{{unique_value}} https://domain.com/assets/file/test.txt
Or
curl -O https://domain.com/assets/file/test.txt?param={{unique_value}}
How can I find out with Nginx if the username and password are real or that the user/unique_value is still active?
Should I somehow access the database or am I wrong?