Some file access methods ignore workflow tokens #9126
Description
As reported by DANS, some file access methods e.g., the individual file download ignore the X-Dataverse-invocationID authentication token used by workflows. Looking at the code, it appears this is because these methods do their own check for an apiKey/header, usually before calling the AbstractAPIBean findUserOrDie method which does its own lookup of the key or header (and checks for workflow tokens). Removing the unnecssary code in the Access class should fix this issue and simplify processing. (The lookups in the Access class also have some historical oddities such as checking that the apiKey is not 64 characters long (in which case it would be rejected)).
Which version of Dataverse are you using?
5.12