Can't get file access permission for AuthenticatedUser working

I’m logged into my app. The app is accessing and displaying an image file. To display the image, I’m using the “Source URL Logic”-binding in UI Builder.

The image is displayed correctly when using the following permissions for this file:

Now, I want to restrict the access to the image to AuthenticatedUser. Therefore, I’m setting the red cross for “NotAuthenticatedUser”:

The effect is however, that the image is not read-in by the application, although I’m working with a logged-in user, which should still have read access.

Browser Dev-Tools are showing the error

GET 400 (Bad Request)

Am I doing something wrong here?

Could you please create a test account for us and share the credentials as well as the link for the login page so we can experience the error on our side?

Hi @mark-piller ,
Is it possible to share such (and more) details via email with you?

Sure. please send an email to with the requested information and a link to this topic.

Email has been sent.

Hello @Klaas_Klever

Thank you for the information provided. We already have an internal ticket BKNDLSS-23971 for this problem. I have raised the priority for this ticket. As soon as the fix is available, we will let you know.


Any news for this?

Hi Klass,

A logged in user is identified either by the user-token HTTP header or a cookie. The problem with the cookie approach (when it comes to fetching files) is the cookie is set for the domain and doesn’t apply to A workaround can be adding a custom domain to your app and then using it for both login API and to fetch files. It would be important to enable cookie-based authorization for the app (Users > Login section in console). Would that approach work for you?