Recently, one of my colleagues asked me how to manage ephemeral links sent to users so they can manage their profile, without any Azure AD or identity provider. The first idea was to use a database with a GUID associated with a datetime, and to manage expiration through an Azure Function. Another Azure Function would receive the calls from users and check whether the GUID is present and valid.
Another way to manage them, without having to build the database, is to rely on SAS tokens generated by Azure Storage.
A SAS token is a token tied to one of the two keys of an Azure storage account, a validity period, and rights on a container, file, queue or table storage. It can be generated using the Azure SDK in various languages.
The idea here is that, instead of relying on a generated GUID stored in a database, we send a SAS token with read rights on an empty container.
When the Azure Function receives the call, it uses the SAS token to attempt to read the container. If the read succeeds, the user is allowed to proceed; otherwise they are not.
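To show why this needs no database, here is a simplified model of a SAS-style token: a permission and an expiry signed with a key using HMAC-SHA256, checked without any stored state. This is an added example, not code from the original post and not Azure's actual token format; `make_token`, `check_token`, the key and the resource names are hypothetical.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo key; in Azure this role is played by a storage account key.
KEY = b"constructed-demo-key-not-a-real-account-key"


def _sign(key, resource, perm, expiry):
    # Sign every field the verifier will trust, so none can be altered.
    msg = f"{resource}\n{perm}\n{expiry}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def make_token(key, resource, perm, ttl, now=None):
    """Issue a token valid for ttl seconds. Nothing is stored server-side."""
    issued = int(time.time()) if now is None else now
    expiry = issued + ttl
    return f"{perm}.{expiry}.{_sign(key, resource, perm, expiry)}"


def check_token(key, resource, token, needed="r", now=None):
    """Return True only for an untampered, unexpired token granting `needed`."""
    try:
        perm, expiry_s, sig = token.split(".")
        expiry = int(expiry_s)
    except ValueError:
        return False  # malformed token
    expected = _sign(key, resource, perm, expiry)
    # Constant-time comparison avoids leaking how much of the signature matched.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    now = int(time.time()) if now is None else now
    return needed in perm and now < expiry


if __name__ == "__main__":
    link_token = make_token(KEY, "links", "r", ttl=3600)
    print(link_token, check_token(KEY, "links", link_token))
```

Because validity depends only on the key, regenerating that key invalidates every outstanding token at once, which is the trade-off against deleting a single GUID row in the database approach.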
I hope you find it useful.