- Obtain an App Token
- Check that you can access the files with this token and save the cookies
- Revoke filesystem access for this token
- See that you can still access the files when using the cookies
At step 4 there access to the files should also be forbidden.