Download and Securely Access Digital Certificate Asset
The Certificate Storage infrastructure component manages the Supabase Storage bucket that holds digital certificate asset files. When a peer mentor requests a download, the Certificate Service generates a signed URL with a configurable expiry time, ensuring the file is only accessible to the authorized owner. The signed URL is opened in the device's default file handler or browser, allowing the mentor to save the PDF or image locally. Access is scoped to the certificate owner and authorized coordinators via Supabase Storage access policies.
User Story
Acceptance Criteria
- Given a peer mentor taps the 'Download' button on a certificate card, when the Certificate Service generates the signed URL, then the download begins within 3 seconds
- Given a signed URL is generated, when the URL expires after the configured time limit, then attempting to access the expired URL returns an authorization error and the mentor is prompted to request a new link
- Given the peer mentor's device is offline, when they attempt to download a certificate, then a clear offline error message is displayed and no download is attempted
- Given a peer mentor attempts to access a certificate asset belonging to another user, when the request is evaluated by Supabase Storage access policies, then access is denied and an error is returned
- Given a certificate has no digital asset stored (physical card only), when the peer mentor views the certificate card, then the 'Download' button is hidden and replaced with a 'Digital asset not yet available' label
Business Value
Secure digital access to certificate assets enables peer mentors to present credentials in the field without physical cards, reducing administrative overhead. Signed URLs ensure compliance with data security requirements while maintaining practical usability for field-based volunteers.
Components
- Certificate Card Widget ui
- Certificate Service service
- Certificate Storage infrastructure