diff --git a/.github/workflows/ldap-sync.yml b/.github/workflows/ldap-sync.yml
new file mode 100644
index 000000000..54088a891
--- /dev/null
+++ b/.github/workflows/ldap-sync.yml
@@ -0,0 +1,15 @@
+name: ldap-sync-build
+
+on:
+  pull_request:
+    branches: [main]
+    paths:
+      - "tdrive/backend/utils/**"
+
+jobs:
+  ldap-sync-build:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build ldap sync
+        run: cd tdrive/backend/utils/ldap-sync && npm i && npm run build
\ No newline at end of file
diff --git a/.github/workflows/publish-ldap-sync.yml b/.github/workflows/publish-ldap-sync.yml
new file mode 100644
index 000000000..25990197c
--- /dev/null
+++ b/.github/workflows/publish-ldap-sync.yml
@@ -0,0 +1,32 @@
+name: publish-ldap-sync
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "tdrive/backend/utils/ldap-sync/**"
+      - "tdrive/docker/**"
+
+jobs:
+  publish-node:
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Set env to production
+        if: endsWith(github.ref, '/main')
+        run: 'echo "DOCKERTAG=latest" >> $GITHUB_ENV'
+      - name: "Push to the registry following labels:"
+        run: |
+          echo "${{ env.DOCKERTAG }},${{ env.DOCKERTAGVERSION }}"
+      - uses: actions/checkout@v2
+      - name: Publish to Registry
+        uses: elgohr/Publish-Docker-Github-Action@v5
+        with:
+          name: tdrive/tdrive-ldap-sync
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+          workdir: tdrive
+          registry: docker-registry.linagora.com
+          context: .
+          target: production
+          buildoptions: "-t docker-registry.linagora.com/tdrive/tdrive-ldap-sync -f docker/tdrive-ldap-sync/Dockerfile"
+          tags: "${{ env.DOCKERTAG }},${{ env.DOCKERTAGVERSION }}"
\ No newline at end of file
diff --git a/tdrive/backend/node/config/custom-environment-variables.json b/tdrive/backend/node/config/custom-environment-variables.json
index 1bf1e9de8..bc085ec8d 100644
--- a/tdrive/backend/node/config/custom-environment-variables.json
+++ b/tdrive/backend/node/config/custom-environment-variables.json
@@ -27,7 +27,8 @@
   "websocket": {
     "auth": {
       "jwt": {
-        "secret": "AUTH_JWT_SECRET"
+        "secret": "AUTH_JWT_SECRET",
+        "expiration": "AUTH_JWT_EXPIRATION"
       }
     }
   },
diff --git a/tdrive/backend/node/config/default.json b/tdrive/backend/node/config/default.json
index 78da89771..33924c1b2 100644
--- a/tdrive/backend/node/config/default.json
+++ b/tdrive/backend/node/config/default.json
@@ -81,7 +81,7 @@
      }
   },
   "database":{
-     "secret":"ab63bb3e90c0271c9a1c06651a7c0967eab8851a7a897766",
+     "secret":"",
      "type":"cassandra",
      "mongodb":{
         "uri":"mongodb://mongo:27017",
diff --git a/tdrive/backend/node/package-lock.json b/tdrive/backend/node/package-lock.json
index a440435f6..292f35baa 100644
--- a/tdrive/backend/node/package-lock.json
+++ b/tdrive/backend/node/package-lock.json
@@ -504,6 +504,22 @@
         }
       }
     },
+    "@fastify/cookie": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/@fastify/cookie/-/cookie-6.0.0.tgz",
+      "integrity": "sha512-Luy3Po3dOJmqAuPCiPcWsX0tV5+C3AOnULSdlsGjNGOvyE7jqzysp8kT9ICfsUvove+TeUMgTWl1y9XS3ZPPMg==",
+      "requires": {
+        "cookie-signature": "^1.1.0",
+        "fastify-plugin": "^3.0.1"
+      },
+      "dependencies": {
+        "fastify-plugin": {
+          "version": "3.0.1",
+          "resolved": "https://registry.npmjs.org/fastify-plugin/-/fastify-plugin-3.0.1.tgz",
+          "integrity": "sha512-qKcDXmuZadJqdTm6vlCqioEbyewF60b/0LOFCcYN1B6BIZGlYJumWWOYs70SFYLDAH4YqdE1cxH/RKMG7rFxgA=="
+        }
+      }
+    },
     "@fastify/error": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/@fastify/error/-/error-2.0.0.tgz",
@@ -3152,6 +3168,11 @@
       "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.2.tgz",
       "integrity": "sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA=="
     },
+    "cookie-signature": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.1.tgz",
+      "integrity": "sha512-78KWk9T26NhzXtuL26cIJ8/qNHANyJ/ZYrmEXFzUmhZdjpBv+DlWlOANRTGBt48YcyslsLrj0bMLFTmXvLRCOw=="
+    },
     "core-util-is": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz",
diff --git a/tdrive/backend/node/package.json b/tdrive/backend/node/package.json
index 7cbd0b83c..81eeb8e76 100644
--- a/tdrive/backend/node/package.json
+++ b/tdrive/backend/node/package.json
@@ -105,6 +105,7 @@
     "@fastify/caching": "^7.0.0",
     "@fastify/formbody": "^6.0.0",
     "@fastify/static": "^5.0.1",
+    "@fastify/cookie": "^6.0.0",
     "@ffprobe-installer/ffprobe": "^1.4.1",
     "@sentry/node": "^6.19.7",
     "@sentry/tracing": "^6.19.7",
diff --git a/tdrive/backend/node/src/core/platform/services/auth/web/jwt.ts b/tdrive/backend/node/src/core/platform/services/auth/web/jwt.ts
index 8af60b6f8..ee0c3661b 100644
--- a/tdrive/backend/node/src/core/platform/services/auth/web/jwt.ts
+++ b/tdrive/backend/node/src/core/platform/services/auth/web/jwt.ts
@@ -1,12 +1,18 @@
 import { FastifyPluginCallback, FastifyRequest } from "fastify";
 import fastifyJwt from "fastify-jwt";
+import cookie from "@fastify/cookie";
 import fp from "fastify-plugin";
 import config from "../../../../config";
 import { JwtType } from "../../types";
 
 const jwtPlugin: FastifyPluginCallback = (fastify, _opts, next) => {
+  fastify.register(cookie);
   fastify.register(fastifyJwt, {
     secret: config.get("auth.jwt.secret"),
+    cookie: {
+      cookieName: "X-AuthToken",
+      signed: false,
+    },
   });
 
   const authenticate = async (request: FastifyRequest) => {
diff --git a/tdrive/backend/node/src/core/platform/services/webserver/error.ts b/tdrive/backend/node/src/core/platform/services/webserver/error.ts
index f3a032791..b13bbaa00 100644
--- a/tdrive/backend/node/src/core/platform/services/webserver/error.ts
+++ b/tdrive/backend/node/src/core/platform/services/webserver/error.ts
@@ -9,7 +9,7 @@ function serverErrorHandler(server: FastifyInstance): void {
         ? {
             statusCode: reply.statusCode,
             error: "Internal Server Error",
-            message: "Something went wrong",
+            message: "Something went wrong, " + err.message,
             requestId: request.id,
           }
         : err,
diff --git a/tdrive/backend/node/src/services/applications-api/web/controllers/index.ts b/tdrive/backend/node/src/services/applications-api/web/controllers/index.ts
index 22daf1fde..d014ae91b 100644
--- a/tdrive/backend/node/src/services/applications-api/web/controllers/index.ts
+++ b/tdrive/backend/node/src/services/applications-api/web/controllers/index.ts
@@ -8,18 +8,19 @@ import {
   RealtimeBaseBusEvent,
 } from "../../../../core/platform/services/realtime/types";
 import { ResourceGetResponse } from "../../../../utils/types";
-import { getInstance } from "../../../user/entities/user";
 import {
   ApplicationObject,
   getApplicationObject,
 } from "../../../applications/entities/application";
 import gr from "../../../global-resolver";
+import { logger } from "../../../../core/platform/framework/logger";
 import {
   ApplicationApiExecutionContext,
   ApplicationLoginRequest,
   ApplicationLoginResponse,
   ConfigureRequest,
 } from "../types";
+import { ConsoleHookUser } from "src/services/console/types";
 
 export class ApplicationsApiController {
   async token(
@@ -171,45 +172,18 @@ export class ApplicationsApiController {
         email: string;
         first_name: string;
         last_name: string;
-        application_id: string;
-        company_id: string;
       };
     }>,
   ): Promise<any> {
-    const email = request.body.email.trim().toLocaleLowerCase();
-    const checkApplication = gr.services.applications.companyApps.get({
-      application_id: request.body.application_id,
-      company_id: request.body.company_id,
-    });
-
-    if (!checkApplication) {
-      throw new Error("Application is not allowed to sync users for this company.");
-    }
-
-    if (await gr.services.users.getByEmail(email)) {
-      throw new Error("This email is already used");
-    }
-
     try {
-      const newUser = getInstance({
-        first_name: request.body.first_name,
-        last_name: request.body.last_name,
-        email_canonical: email,
-        username_canonical: (email.replace("@", ".") || "").toLocaleLowerCase(),
-        phone: "",
-        identity_provider: "console",
-        identity_provider_id: email,
-        mail_verified: true,
-      });
-      const user = await gr.services.users.create(newUser);
-
-      await gr.services.companies.setUserRole(request.body.company_id, user.entity.id, "admin");
-
-      await gr.services.users.save(user.entity, {
-        user: { id: user.entity.id, server_request: true },
-      });
+      await gr.services.console.getClient().updateLocalUserFromConsole({
+        email: request.body.email.trim().toLocaleLowerCase(),
+        name: request.body.first_name,
+        surname: request.body.last_name,
+      } as ConsoleHookUser);
     } catch (err) {
-      throw new Error("An unknown error occured");
+      logger.error(err);
+      throw err;
     }
     return {};
   }
diff --git a/tdrive/backend/node/src/services/console/clients/remote.ts b/tdrive/backend/node/src/services/console/clients/remote.ts
index b23268955..b0e249424 100644
--- a/tdrive/backend/node/src/services/console/clients/remote.ts
+++ b/tdrive/backend/node/src/services/console/clients/remote.ts
@@ -1,4 +1,3 @@
-import { AxiosInstance } from "axios";
 import { ConsoleServiceClient } from "../client-interface";
 import {
   ConsoleCompany,
@@ -26,7 +25,6 @@ import config from "config";
 import { CompanyUserRole } from "src/services/user/web/types";
 export class ConsoleRemoteClient implements ConsoleServiceClient {
   version: "1";
-  client: AxiosInstance;
 
   private infos: ConsoleOptions;
   private verifier: OidcJwtVerifier;
@@ -101,12 +99,13 @@ export class ConsoleRemoteClient implements ConsoleServiceClient {
       throw CrudException.badRequest("User not found on Console");
     }
 
-    const roles = userDTO.roles.filter(
-      role => role.applications === undefined || role.applications.find(a => a.code === "tdrive"),
-    );
-
-    //REMOVE LATER
-    logger.info(`Roles are: ${roles}.`);
+    if (userDTO.roles) {
+      const roles = userDTO.roles.filter(
+        role => role.applications === undefined || role.applications.find(a => a.code === "tdrive"),
+      );
+      //REMOVE LATER
+      logger.info(`Roles are: ${roles}.`);
+    }
 
     let user = await gr.services.users.getByConsoleId(userDTO.email);
 
@@ -153,7 +152,9 @@ export class ConsoleRemoteClient implements ConsoleServiceClient {
       user.preferences.timezone = coalesce(userDTO.preference.timeZone, user.preferences?.timezone);
     }
 
-    user.picture = userDTO.avatar.value;
+    if (userDTO.avatar) {
+      user.picture = userDTO.avatar.value;
+    }
 
     await gr.services.users.save(user);
 
diff --git a/tdrive/backend/node/src/services/documents/web/routes.ts b/tdrive/backend/node/src/services/documents/web/routes.ts
index 53441e5a4..767178684 100644
--- a/tdrive/backend/node/src/services/documents/web/routes.ts
+++ b/tdrive/backend/node/src/services/documents/web/routes.ts
@@ -83,14 +83,14 @@ const routes: FastifyPluginCallback = (fastify: FastifyInstance, _options, next)
   fastify.route({
     method: "GET",
     url: `${serviceUrl}/:id/download`,
-    preValidation: [fastify.authenticateOptional],
+    preValidation: [fastify.authenticate],
     handler: documentsController.download.bind(documentsController),
   });
 
   fastify.route({
     method: "GET",
     url: `${serviceUrl}/download/zip`,
-    preValidation: [fastify.authenticateOptional],
+    preValidation: [fastify.authenticate],
     handler: documentsController.downloadZip.bind(documentsController),
   });
 
diff --git a/tdrive/backend/utils/ldap-sync/.env.example b/tdrive/backend/utils/ldap-sync/.env.example
new file mode 100644
index 000000000..748360e8e
--- /dev/null
+++ b/tdrive/backend/utils/ldap-sync/.env.example
@@ -0,0 +1,10 @@
+LDAP_URL=ldap://localhost:389
+LDAP_BIND_DN=
+LDAP_BIND_CREDENTIALS=
+LDAP_SEARCH_BASE=dc=example,dc=com
+LDAP_SEARCH_FILTER=(objectClass=inetorgperson)
+API_URL=http://tdrive:4000/api/sync
+TDRIVE_URL=http://tdrive:4000/
+TDRIVE_CREDENTIALS_ID=application-name
+TDRIVE_CREDENTIALS_SECRET=application-secret
+LDAP_ATTRIBUTE_MAPPINGS={"firstName": "givenName", "lastName": "sn", "email": "mail"}
diff --git a/tdrive/backend/utils/ldap-sync/.nvmrc b/tdrive/backend/utils/ldap-sync/.nvmrc
new file mode 100644
index 000000000..25bf17fc5
--- /dev/null
+++ b/tdrive/backend/utils/ldap-sync/.nvmrc
@@ -0,0 +1 @@
+18
\ No newline at end of file
diff --git a/tdrive/backend/utils/ldap-sync/package.json b/tdrive/backend/utils/ldap-sync/package.json
new file mode 100644
index 000000000..1ca7d8808
--- /dev/null
+++ b/tdrive/backend/utils/ldap-sync/package.json
@@ -0,0 +1,27 @@
+{
+  "name": "ldap_project",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "type": "module",
+  "scripts": {
+    "build": "npm run build:clean && npm run build:ts",
+    "build:ts": "tsc",
+    "build:clean": "rimraf ./dist",
+    "sync": "node dist/index.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "axios": "^1.4.0",
+    "dotenv": "^16.0.3",
+    "ldapjs": "^3.0.2"
+  },
+  "devDependencies": {
+    "@types/ldapjs": "^2.2.5",
+    "typescript": "^5.0.4",
+    "rimraf": "^3.0.2"
+  }
+}
diff --git a/tdrive/backend/utils/ldap-sync/src/index.ts b/tdrive/backend/utils/ldap-sync/src/index.ts
new file mode 100644
index 000000000..12ea997ef
--- /dev/null
+++ b/tdrive/backend/utils/ldap-sync/src/index.ts
@@ -0,0 +1,161 @@
+import ldap, { SearchEntry } from "ldapjs";
+import axios, { AxiosError } from "axios";
+import dotenv from "dotenv";
+
+interface UserAttributes {
+  first_name: string;
+  last_name: string;
+  email: string;
+}
+
+export interface IApiServiceApplicationTokenRequestParams {
+  id: string;
+  secret: string;
+}
+
+export interface IApiServiceApplicationTokenResponse {
+  resource: {
+    access_token: {
+      time: number;
+      expiration: number;
+      value: string;
+      type: string;
+    };
+  };
+}
+
+dotenv.config();
+console.log("Run script with the following env: ");
+console.log(process.env);
+
+const ldapConfig = {
+  url: process.env.LDAP_URL || "localhost",
+  bindDN: process.env.LDAP_BIND_DN || "",
+  bindCredentials: process.env.LDAP_BIND_CREDENTIALS || "",
+  searchBase: process.env.LDAP_SEARCH_BASE || "dc=example,dc=com",
+  searchFilter: process.env.LDAP_SEARCH_FILTER || "(objectClass=inetorgperson)",
+  mappings: JSON.parse(process.env.LDAP_ATTRIBUTE_MAPPINGS || "{}"),
+  timeout: 120,
+  version: 3,
+};
+
+const tdriveConfig = {
+    url: process.env.TDRIVE_URL || "http://localhost:4000/)",
+    credentials: {
+      id: process.env.TDRIVE_CREDENTIALS_ID || "application-name",
+      secret: process.env.TDRIVE_CREDENTIALS_SECRET || "application-secret",
+  }
+};
+
+const refreshToken = async (): Promise<string> => {
+  try {
+    const response = await axios.post<IApiServiceApplicationTokenRequestParams, { data: IApiServiceApplicationTokenResponse }>(
+      `${tdriveConfig.url.replace(/\/$/, '')}/api/console/v1/login`,
+      {
+        id: tdriveConfig.credentials.id,
+        secret: tdriveConfig.credentials.secret,
+      },
+      {
+        headers: {
+          Authorization: `Basic ${Buffer.from(`${tdriveConfig.credentials.id}:${tdriveConfig.credentials.secret}`).toString('base64')}`,
+        },
+      },
+    );
+
+    const {
+      resource: {
+        access_token: { value },
+      },
+    } = response.data;
+
+    //axiosClient.interceptors.response.use(this.handleResponse, this.handleErrors);
+
+    return value;
+  } catch (error) {
+    console.error('failed to get application token', error);
+    console.info('Using token ', tdriveConfig.credentials.id, tdriveConfig.credentials.secret);
+    console.info(`POST ${tdriveConfig.url.replace(/\/$/, '')}/api/console/v1/login`);
+    console.info(`Basic ${Buffer.from(`${tdriveConfig.credentials.id}:${tdriveConfig.credentials.secret}`).toString('base64')}`);
+    throw new Error("Unable to get access to token, see precious errors for details.");
+  }
+};
+
+
+// Create LDAP client
+const client = ldap.createClient({
+  url: ldapConfig.url,
+});
+
+const accessToken = await refreshToken()
+
+const axiosClient = axios.create({
+  baseURL: tdriveConfig.url,
+  headers: {
+    Authorization: `Bearer ${accessToken}`,
+  },
+});
+
+// Bind to LDAP server
+client.bind(ldapConfig.bindDN, ldapConfig.bindCredentials, (err) => {
+  if (err) {
+    console.error("LDAP bind error:", err);
+    return;
+  }
+
+  // Perform search
+  client.search(
+    ldapConfig.searchBase,
+    {
+      filter: ldapConfig.searchFilter,
+      attributes: [ldapConfig.mappings.firstName, ldapConfig.mappings.lastName, ldapConfig.mappings.email],
+      scope: "sub",
+      derefAliases: 2,
+    },
+    (searchErr, searchRes) => {
+      if (searchErr) {
+        console.error("LDAP search error:", searchErr);
+        return;
+      }
+
+      const apiRequests: Promise<any>[] = [];
+
+      searchRes.on("searchEntry", (entry: SearchEntry) => {
+        console.log('Receive entry:: ' + JSON.stringify(entry.attributes));
+
+        // Handle each search result entry
+        const userAttributes: UserAttributes = {
+          first_name: entry.attributes.find(a=> a.type == ldapConfig.mappings.firstName)?.vals[0]!,
+          last_name: entry.attributes.find(a=> a.type == ldapConfig.mappings.lastName)?.vals[0]!,
+          email: entry.attributes.find(a=> a.type == ldapConfig.mappings.email)?.vals[0]!,
+        };
+
+        if (userAttributes.email) {
+          //Make API call to tdrive backend with the userAttributes
+          apiRequests.push(axiosClient.post(process.env.API_URL || "", userAttributes)
+            .catch((e: AxiosError<any>) => {
+              console.log(`Error for ${JSON.stringify(userAttributes)}: ${e.message}, body: ${e.response?.data?.message}`);
+            }));
+        } else {
+          console.log(`user ${JSON.stringify(userAttributes)} doesn't have an email`);
+        }
+      });
+
+      searchRes.on("error", (err) => {
+        console.error("LDAP search result error:", err);
+      });
+
+      searchRes.on("end", () => {
+        // Unbind from LDAP server after search is complete
+        client.unbind((unbindErr) => {
+          if (unbindErr) {
+            console.error("LDAP unbind error:", unbindErr);
+          } else {
+
+            Promise.allSettled(apiRequests)
+              .finally(() => console.log("LDAP search COMPLETED."));
+          }
+        });
+      });
+    }
+  );
+});
diff --git a/tdrive/backend/utils/ldap-sync/tsconfig.json b/tdrive/backend/utils/ldap-sync/tsconfig.json
new file mode 100644
index 000000000..d0ccc9ded
--- /dev/null
+++ b/tdrive/backend/utils/ldap-sync/tsconfig.json
@@ -0,0 +1,13 @@
+{
+    "compilerOptions": {
+        "target": "esnext",
+        "module": "esnext",
+        "moduleResolution": "node",
+        "outDir": "dist",
+        "strict": true,
+        "esModuleInterop": true,
+        "useUnknownInCatchVariables": false
+    },
+    "include": ["src"]
+}
+  
\ No newline at end of file
diff --git a/tdrive/docker/tdrive-ldap-sync/Dockerfile b/tdrive/docker/tdrive-ldap-sync/Dockerfile
new file mode 100644
index 000000000..f67c71ee2
--- /dev/null
+++ b/tdrive/docker/tdrive-ldap-sync/Dockerfile
@@ -0,0 +1,15 @@
+# Use an official Node.js runtime as the base image
+FROM node:lts-alpine
+
+# Set the working directory inside the container
+WORKDIR /usr/src/app
+
+# Copy app
+COPY backend/utils/ldap-sync/*.json ./
+COPY backend/utils/ldap-sync/src/** ./src/
+COPY backend/utils/ldap-sync/.nvmrc ./
+
+RUN npm i && npm run build
+
+# Run the Node.js application
+CMD ["npm", "run", "sync"]
diff --git a/tdrive/frontend/public/index.html b/tdrive/frontend/public/index.html
index 2da3c6944..a46b747b2 100644
--- a/tdrive/frontend/public/index.html
+++ b/tdrive/frontend/public/index.html
@@ -10,6 +10,8 @@
       content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0"
     />
     <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+    <meta http-equiv="Pragma" content="no-cache" />
+    <meta http-equiv="Expires" content="0" />
     <link rel="shortcut icon" href="/favicon.ico" />
     <style>
       #app,
diff --git a/tdrive/frontend/public/locales/en.json b/tdrive/frontend/public/locales/en.json
index 465c51cfa..2ec357bcc 100644
--- a/tdrive/frontend/public/locales/en.json
+++ b/tdrive/frontend/public/locales/en.json
@@ -317,6 +317,7 @@
     "components.item_context_menu.today": "Today",
     "components.item_context_menu.last_week": "Last week",
     "components.item_context_menu.last_month": "Last month",
+    "components.item_context_menu.open_new_window": "Open in new window",
     "scenes.app.shared_with_me.shared_with_me": "Shared with me",
     "scenes.app.shared_with_me.file_type": "File type",
     "scenes.app.shared_with_me.people": "People",
diff --git a/tdrive/frontend/public/locales/fr.json b/tdrive/frontend/public/locales/fr.json
index 3751f160d..94cef7096 100644
--- a/tdrive/frontend/public/locales/fr.json
+++ b/tdrive/frontend/public/locales/fr.json
@@ -316,6 +316,7 @@
     "components.item_context_menu.today": "Aujourd'hui",
     "components.item_context_menu.last_week": "La semaine dernière",
     "components.item_context_menu.last_month": "Le mois dernier",
+    "components.item_context_menu.open_new_window": "Open in new window",
     "scenes.app.shared_with_me.shared_with_me": "Partagé avec moi",
     "scenes.app.shared_with_me.file_type": "Type de fichier",
     "scenes.app.shared_with_me.people": "Personnes",
diff --git a/tdrive/frontend/public/locales/ru.json b/tdrive/frontend/public/locales/ru.json
index f4e7be8ef..9378b8e8f 100644
--- a/tdrive/frontend/public/locales/ru.json
+++ b/tdrive/frontend/public/locales/ru.json
@@ -316,6 +316,7 @@
     "components.item_context_menu.today": "Сегодня",
     "components.item_context_menu.last_week": "За неделю",
     "components.item_context_menu.last_month": "За месяц",
+    "components.item_context_menu.open_new_window": "Открыть в новом окне",
     "scenes.app.shared_with_me.shared_with_me": "Доступные мне",
     "scenes.app.shared_with_me.file_type": "Тип файла",
     "scenes.app.shared_with_me.people": "Люди",
diff --git a/tdrive/frontend/src/app/components/search-popup/common.tsx b/tdrive/frontend/src/app/components/search-popup/common.tsx
index 876d161ff..a8c335c13 100644
--- a/tdrive/frontend/src/app/components/search-popup/common.tsx
+++ b/tdrive/frontend/src/app/components/search-popup/common.tsx
@@ -1,48 +1,8 @@
-import Strings from 'features/global/utils/strings';
-import FileUploadService from 'features/files/services/file-upload-service';
-import routerService from '@features/router/services/router-service';
 import { DriveApiClient } from '@features/drive/api-client/api-client';
 import { DriveItem } from '@features/drive/types';
-import { AttachedFileType } from '@features/files/types/file';
 
-export const highlightText = (text?: string, highlight?: string) => {
-  if (!text) {
-    return '';
-  }
-  if (!highlight) {
-    return text;
-  }
-  const reg = new RegExp('(' + Strings.removeAccents(highlight) + ')', 'ig');
-  return Strings.removeAccents(text).replace(reg, "<span class='highlight'>$1</span>");
-};
-
-export const getFileMessageDownloadRoute = (file: AttachedFileType): string => {
-  if (file?.metadata?.source === 'internal')
-    return FileUploadService.getDownloadRoute({
-      companyId: file.metadata?.external_id?.company_id,
-      fileId: file.metadata?.external_id?.id,
-    });
-  return '';
-};
-
-export const onFileDownloadClick = (file: AttachedFileType) => {
-  const url = getFileMessageDownloadRoute(file);
-
-  url && (window.location.href = url);
-};
-
-export const openDriveItem = (driveItem: DriveItem, workspace_id: string, drive_app_id: string) => {
-  routerService.push(
-    routerService.generateRouteFromState({
-      companyId: driveItem.company_id,
-      workspaceId: workspace_id,
-      channelId: drive_app_id,
-    }),
-  );
-};
 
 export const onDriveItemDownloadClick = async (driveItem: DriveItem) => {
   const url = await DriveApiClient.getDownloadUrl(driveItem.company_id, driveItem.id);
-
   url && (window.location.href = url);
 };
diff --git a/tdrive/frontend/src/app/components/search-popup/search-input.tsx b/tdrive/frontend/src/app/components/search-popup/search-input.tsx
index 46c661489..b411bf553 100755
--- a/tdrive/frontend/src/app/components/search-popup/search-input.tsx
+++ b/tdrive/frontend/src/app/components/search-popup/search-input.tsx
@@ -1,12 +1,12 @@
-import { SearchIcon } from '@heroicons/react/solid';
-import { useEffect, useRef } from 'react';
-import { useRecoilState } from 'recoil';
-import { InputDecorationIcon } from '@atoms/input/input-decoration-icon';
-import { Input } from '@atoms/input/input-text';
-import { Loader } from '@atoms/loader';
-import Languages from '@features/global/services/languages-service';
-import { useSearchDriveItemsLoading } from '@features/search/hooks/use-search-drive-items';
-import { SearchInputState } from '@features/search/state/search-input';
+import { SearchIcon } from "@heroicons/react/solid";
+import { useEffect, useRef } from "react";
+import { useRecoilState } from "recoil";
+import { InputDecorationIcon } from "@atoms/input/input-decoration-icon";
+import { Input } from "@atoms/input/input-text";
+import { Loader } from "@atoms/loader";
+import Languages from "@features/global/services/languages-service";
+import { useSearchDriveItemsLoading } from "@features/search/hooks/use-search-drive-items";
+import { SearchInputState } from "@features/search/state/search-input";
 
 export const SearchInput = () => {
   const [input, setInput] = useRecoilState(SearchInputState);
@@ -16,9 +16,7 @@ export const SearchInput = () => {
     if (inputElement.current) inputElement.current.focus();
   }, []);
 
-  const driveItemsLoading = useSearchDriveItemsLoading();
-
-  const loading = driveItemsLoading;
+  const loading = useSearchDriveItemsLoading();
 
   return (
     <div className="relative flex mt-2 w-full">
diff --git a/tdrive/frontend/src/app/environment/version.ts b/tdrive/frontend/src/app/environment/version.ts
index 78c73bf1a..a4ae53fd6 100644
--- a/tdrive/frontend/src/app/environment/version.ts
+++ b/tdrive/frontend/src/app/environment/version.ts
@@ -1,5 +1,5 @@
 export default {
-  version: /* @VERSION */ '2023.Q1',
-  version_detail: /* @VERSION_DETAIL */ '2023.Q1.1223',
-  version_name: /* @VERSION_NAME */ 'Albatros',
+  version: /* @VERSION */ '2023.Q3.011',
+  version_detail: /* @VERSION_DETAIL */ '2023.Q3.011',
+  version_name: /* @VERSION_NAME */ 'Ghost-Dog',
 };
diff --git a/tdrive/frontend/src/app/features/auth/auth-service.ts b/tdrive/frontend/src/app/features/auth/auth-service.ts
index 04d0ac8cd..c6a291028 100644
--- a/tdrive/frontend/src/app/features/auth/auth-service.ts
+++ b/tdrive/frontend/src/app/features/auth/auth-service.ts
@@ -19,6 +19,7 @@ import UserAPIClient from '../../features/users/api/user-api-client';
 import Application from '@features/applications/services/application-service';
 import LocalStorage from '@features/global/framework/local-storage-service';
 import Globals from '@features/global/services/globals-tdrive-app-service';
+import { Cookies } from 'react-cookie';
 
 type AccountType = 'remote' | 'internal';
 export type LoginState = '' | 'app' | 'error' | 'signin' | 'logged_out' | 'logout';
@@ -26,11 +27,16 @@ type InitState = '' | 'initializing' | 'initialized';
 
 @TdriveService('AuthService')
 class AuthService {
+
+  public static AUTH_TOKEN_COOKIE = "X-AuthToken";
+
   private provider: AuthProvider<any, any, any> | null = null;
   private logger: Logger.Logger;
   private initState: InitState = '';
+  private cookies: Cookies = new Cookies();
   currentUserId = '';
 
+
   constructor() {
     this.logger = Logger.getLogger('AuthService');
   }
@@ -125,7 +131,9 @@ class AuthService {
 
   onNewToken(token?: JWTDataType): void {
     if (token) {
+      console.log("Save auth token to storage and cookie")
       JWT.updateJWT(token);
+      this.cookies.set(AuthService.AUTH_TOKEN_COOKIE, JWT.getJWT(), { path: "/" });
       // TODO: Update the user from API?
       // this.updateUser();
     }
@@ -220,6 +228,7 @@ class AuthService {
     this.resetCurrentUser();
     LocalStorage.clear();
     JWT.clear();
+    this.cookies.remove(AuthService.AUTH_TOKEN_COOKIE);
   }
 
   setCurrentUser(user: UserType) {
diff --git a/tdrive/frontend/src/app/features/auth/jwt-storage-service.ts b/tdrive/frontend/src/app/features/auth/jwt-storage-service.ts
index e2ec87e9f..738659d50 100755
--- a/tdrive/frontend/src/app/features/auth/jwt-storage-service.ts
+++ b/tdrive/frontend/src/app/features/auth/jwt-storage-service.ts
@@ -134,7 +134,7 @@ class JWTStorage {
       this.logger.debug('authenticateCall: Updating user because the access token expired');
       this.renew()
         .then(() => {
-          LoginService.updateUser(callback);
+          return LoginService.updateUser(callback);
         })
         .catch(async () => {
           this.clear();
diff --git a/tdrive/frontend/src/app/features/auth/login-service.ts b/tdrive/frontend/src/app/features/auth/login-service.ts
index 4499ed29a..4a0027627 100755
--- a/tdrive/frontend/src/app/features/auth/login-service.ts
+++ b/tdrive/frontend/src/app/features/auth/login-service.ts
@@ -11,8 +11,6 @@ import Application from '../applications/services/application-service';
 import { UserType } from '@features/users/types/user';
 import { Cookies } from 'react-cookie';
 import InitService from '../global/services/init-service';
-import { useRecoilState } from "recoil";
-import { CurrentUserState } from "features/users/state/atoms/current-user";
 
 class Login extends Observable {
 
@@ -39,6 +37,7 @@ class Login extends Observable {
   error_code: any;
   cookies: Cookies;
 
+
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
   recoilUpdateUser = (user: UserType | undefined) => {};
 
@@ -224,18 +223,6 @@ class Login extends Observable {
     this.userIsSet = new Promise(resolve => (this.resolveUser = resolve));
   }
 
-  getIsPublicAccess() {
-    let publicAccess = false;
-    const viewParameter = WindowState.findGetParameter('view') || '';
-    if (
-      (viewParameter && ['drive_publicAccess'].indexOf(viewParameter) >= 0) ||
-      Globals.store_public_access_get_data
-    ) {
-      publicAccess = true;
-      Globals.store_public_access_get_data = WindowState.allGetParameter();
-    }
-    return publicAccess;
-  }
 }
 
 export default new Login();
diff --git a/tdrive/frontend/src/app/features/drive/api-client/api-client.ts b/tdrive/frontend/src/app/features/drive/api-client/api-client.ts
index 2dd071389..ba0bc37e7 100644
--- a/tdrive/frontend/src/app/features/drive/api-client/api-client.ts
+++ b/tdrive/frontend/src/app/features/drive/api-client/api-client.ts
@@ -118,22 +118,10 @@ export class DriveApiClient {
     );
   }
 
-  static async getDownloadToken(companyId: string, ids: string[], versionId?: string) {
-    return Api.get<{ token: string }>(
-      `/internal/services/documents/v1/companies/${companyId}/item/download/token` +
-        `?items=${ids.join(',')}&version_id=${versionId}` +
-        appendTdriveToken(true),
-    );
-  }
-
-  static async getDownloadUrl(companyId: string, id: string, versionId?: string) {
+  static getDownloadUrl(companyId: string, id: string, versionId?: string) {
     if (versionId)
-      return Api.route(
-        `/internal/services/files/v1/companies/${companyId}/files/${id}/download?version_id=${versionId}`,
-      );
-    return Api.route(
-      `/internal/services/files/v1/companies/${companyId}/files/${id}/download`,
-    );
+      return Api.route(`/internal/services/documents/v1/companies/${companyId}/item/${id}/download?version_id=${versionId}`);
+    return Api.route(`/internal/services/documents/v1/companies/${companyId}/item/${id}/download`);
   }
 
   static async getDownloadZipUrl(companyId: string, ids: string[]) {
diff --git a/tdrive/frontend/src/app/features/drive/hooks/use-drive-upload.tsx b/tdrive/frontend/src/app/features/drive/hooks/use-drive-upload.tsx
index 655b49430..f41dcbf15 100644
--- a/tdrive/frontend/src/app/features/drive/hooks/use-drive-upload.tsx
+++ b/tdrive/frontend/src/app/features/drive/hooks/use-drive-upload.tsx
@@ -48,12 +48,14 @@ export const useDriveUpload = () => {
     const filesPerParentId: { [key: string]: File[] } = {};
 
     // Create all directories
+    console.debug("Start creating directories ...");
     const createDirectories = async (tree: FileTreeObject['tree'], parentId: string) => {
       for (const directory of Object.keys(tree)) {
         if (tree[directory] instanceof File) {
           if (!filesPerParentId[parentId]) filesPerParentId[parentId] = [];
           filesPerParentId[parentId].push(tree[directory] as File);
         } else {
+          console.debug(`Create directory ${directory}`);
           const driveItem = await create(
             {
               company_id: context.companyId,
@@ -63,6 +65,7 @@ export const useDriveUpload = () => {
             },
             {},
           );
+          console.debug(`Directory ${directory} created`);
           if (driveItem?.id) {
             await createDirectories(tree[directory] as FileTreeObject['tree'], driveItem.id);
           } else {
@@ -72,10 +75,11 @@ export const useDriveUpload = () => {
       }
     };
     await createDirectories(tree.tree, context.parentId);
+    console.debug("All directories created");
 
     // Upload files into directories
     for (const parentId of Object.keys(filesPerParentId)) {
-      FileUploadService.upload(filesPerParentId[parentId], {
+      await FileUploadService.upload(filesPerParentId[parentId], {
         context: {
           companyId: context.companyId,
           parentId: parentId,
diff --git a/tdrive/frontend/src/app/features/files/hooks/use-upload.ts b/tdrive/frontend/src/app/features/files/hooks/use-upload.ts
index 45a596db7..a03d50a16 100644
--- a/tdrive/frontend/src/app/features/files/hooks/use-upload.ts
+++ b/tdrive/frontend/src/app/features/files/hooks/use-upload.ts
@@ -21,27 +21,6 @@ export const useUpload = () => {
     if (companyId) FileUploadService.deleteOneFile({ companyId, fileId: id });
   };
 
-  const downloadOneFile = ({
-    companyId,
-    fileId,
-    blob,
-  }: {
-    companyId: string;
-    fileId: string;
-    blob?: boolean;
-  }) => {
-    if (blob) {
-      return FileUploadService.download({ companyId, fileId });
-    }
-
-    const url = FileUploadService.getDownloadRoute({
-      companyId,
-      fileId,
-    });
-
-    url && (window.location.href = url);
-  };
-
   const retryUpload = (id: string) => FileUploadService.retry(id);
 
   return {
@@ -51,7 +30,6 @@ export const useUpload = () => {
     getOnePendingFile,
     currentTask,
     deleteOneFile,
-    downloadOneFile,
     retryUpload,
   };
 };
diff --git a/tdrive/frontend/src/app/features/files/services/file-upload-service.ts b/tdrive/frontend/src/app/features/files/services/file-upload-service.ts
index d998043fa..3b04c99a8 100644
--- a/tdrive/frontend/src/app/features/files/services/file-upload-service.ts
+++ b/tdrive/frontend/src/app/features/files/services/file-upload-service.ts
@@ -56,8 +56,8 @@ class FileUploadService {
       this.currentTaskId = uuid();
     }
 
-    fileList.forEach(async file => {
-      if (!file) return;
+    for (const file of fileList) {
+      if (!file) continue;
 
       const pendingFile: PendingFileType = {
         id: uuid(),
@@ -140,7 +140,7 @@ class FileUploadService {
         options?.callback?.(null, options?.context || {});
         this.notify();
       });
-    });
+    }
 
     return this.pendingFiles.filter(f => f.uploadTaskId === this.currentTaskId);
   }
@@ -258,6 +258,7 @@ class FileUploadService {
     });
   }
 
+
   public getDownloadRoute({ companyId, fileId }: { companyId: string; fileId: string }): string {
     return FileUploadAPIClient.getDownloadRoute({
       companyId: companyId,
diff --git a/tdrive/frontend/src/app/features/global/framework/requests-api-service.ts b/tdrive/frontend/src/app/features/global/framework/requests-api-service.ts
index c45f13898..b08413a2e 100755
--- a/tdrive/frontend/src/app/features/global/framework/requests-api-service.ts
+++ b/tdrive/frontend/src/app/features/global/framework/requests-api-service.ts
@@ -31,12 +31,10 @@ class Requests {
         .then(response => {
           if (options.withBlob) {
             response.blob().then(blob => {
-              this.retrieveJWTToken(JSON.stringify(blob));
               callback && callback(blob);
             });
           } else {
             response.text().then(text => {
-              if (text) this.retrieveJWTToken(text);
               callback && callback(text);
             });
           }
@@ -54,17 +52,6 @@ class Requests {
       this.request(type, route, data, callback, options);
     });
   }
-
-  retrieveJWTToken(rawBody: string) {
-    try {
-      const body = JSON.parse(rawBody);
-      if (body.access_token) {
-        JWTStorage.updateJWT(body.access_token);
-      }
-    } catch (err) {
-      console.error('Error while reading jwt tokens from: ' + rawBody, err);
-    }
-  }
 }
 
 export default new Requests();
diff --git a/tdrive/frontend/src/app/views/client/body/drive/browser.tsx b/tdrive/frontend/src/app/views/client/body/drive/browser.tsx
index f9a06dba9..746f6188b 100644
--- a/tdrive/frontend/src/app/views/client/body/drive/browser.tsx
+++ b/tdrive/frontend/src/app/views/client/body/drive/browser.tsx
@@ -156,7 +156,7 @@ export default memo(
               if (dataTransfer) {
                 const tree = await getFilesTree(dataTransfer);
                 setCreationModalState({ parent_id: '', open: false });
-                uploadTree(tree, {
+                await uploadTree(tree, {
                   companyId,
                   parentId,
               });
diff --git a/tdrive/frontend/src/app/views/client/body/drive/context-menu.tsx b/tdrive/frontend/src/app/views/client/body/drive/context-menu.tsx
index a36737082..e8d5154a7 100644
--- a/tdrive/frontend/src/app/views/client/body/drive/context-menu.tsx
+++ b/tdrive/frontend/src/app/views/client/body/drive/context-menu.tsx
@@ -20,6 +20,8 @@ import { copyToClipboard } from '@features/global/utils/CopyClipboard';
 import { SharedWithMeFilterState } from '@features/drive/state/shared-with-me-filter';
 import { getCurrentUserList } from '@features/users/hooks/use-user-list';
 import useRouteState from 'app/features/router/hooks/use-route-state';
+import RouterServices from '@features/router/services/router-service';
+import useRouterCompany from '@features/router/hooks/use-router-company';
 import _ from 'lodash';
 import Languages from 'features/global/services/languages-service';
 
@@ -45,6 +47,8 @@ export const useOnBuildContextMenu = (children: DriveItem[], initialParentId?: s
   const setUsersModalState = useSetRecoilState(UsersModalAtom);
   const { open: preview } = useDrivePreview();
   const { viewId } = useRouteState();
+  const company = useRouterCompany();
+  
   function getIdsFromArray(arr: DriveItem[]): string[] {
     return arr.map((obj) => obj.id);
   }
@@ -85,11 +89,23 @@ export const useOnBuildContextMenu = (children: DriveItem[], initialParentId?: s
                   downloadZip([item!.id]);
                   console.log(item!.id);
                 } else {
-                  download(item.last_version_cache.file_metadata.external_id);
+                  download(item.id);
                 }
               }
             },
             { type: 'separator' },
+            {
+              type: 'menu',
+              text: Languages.t('components.item_context_menu.open_new_window'),
+              onClick: () => {
+                const itemId = !item.is_directory ? item.id : "";
+                const viewId = item.is_directory ? item.id : item.parent_id;
+                const route = RouterServices.generateRouteFromState({ companyId: company, viewId, itemId });
+                window.open(route, '_blank');
+                window.open(route, '_blank');
+              }
+            },
+            { type: 'separator' },
             {
               type: 'menu',
               text: Languages.t('components.item_context_menu.manage_access'),
@@ -280,7 +296,7 @@ export const useOnBuildContextMenu = (children: DriveItem[], initialParentId?: s
                       downloadZip(idsFromArray);
                     } else if (parent.item) {
                       console.log("Download folder itself");
-                      download(parent.item.last_version_cache.file_metadata.external_id);
+                      download(parent.item.id);
                     } else {
                       console.error("Very strange, everything is null, you are trying to download undefined");
                     }
diff --git a/tdrive/frontend/src/app/views/client/body/drive/shared.tsx b/tdrive/frontend/src/app/views/client/body/drive/shared.tsx
index cbf5fcadb..6a918173d 100755
--- a/tdrive/frontend/src/app/views/client/body/drive/shared.tsx
+++ b/tdrive/frontend/src/app/views/client/body/drive/shared.tsx
@@ -16,6 +16,8 @@ import { ToasterService } from 'app/features/global/services/toaster-service';
 import { useParams } from 'react-router-dom';
 import shortUUID from 'short-uuid';
 import Avatar from '../../../../atoms/avatar';
+import AuthService from '@features/auth/auth-service';
+
 import {
   DriveApiClient,
   setPublicLinkToken,
@@ -122,12 +124,11 @@ const AccessChecker = ({
         throw new Error('Invalid password or token, or expired link.');
       }
 
-      JWTStorage.updateJWT(access_token);
+      AuthService.onNewToken(access_token);
 
-      //Everything alright, load the drive
       setAccessGranted(true);
-      refresh(folderId);
-      refreshApplications();
+      await refresh(folderId);
+      await refreshApplications();
     } catch (e) {
       console.error(e);
       ToasterService.error('Unable to access documents: ' + e);
diff --git a/tdrive/frontend/src/app/views/client/header/index.tsx b/tdrive/frontend/src/app/views/client/header/index.tsx
index ef4a5fae2..229380811 100644
--- a/tdrive/frontend/src/app/views/client/header/index.tsx
+++ b/tdrive/frontend/src/app/views/client/header/index.tsx
@@ -2,21 +2,30 @@ import { MenuIcon } from '@heroicons/react/outline';
 import Account from '../common/account';
 import AppGrid from '../common/app-grid';
 import Search from '../common/search';
+import { Info } from "@atoms/text";
+import version from '../../../environment/version';
 
 export default ({ openSideMenu }: { openSideMenu: () => void }) => {
   return (
     <div className="bg-white dark:bg-zinc-900 h-16 sm:h-20 p-4 sm:p-6 flex space-between items-center">
       <div className="sm:block hidden shrink-0 w-1/6 max-w-xs" style={{ minWidth: 100 }}>
-        <img
-          src="/public/img/logo/logo-text-black.png"
-          className="h-6 ml-1 dark:hidden block"
-          alt="Tdrive"
-        />
-        <img
-          src="/public/img/logo/logo-text-white.png"
-          className="h-6 ml-1 dark:block hidden"
-          alt="Tdrive"
-        />
+        <div className="sm:inline-grid">
+          <img
+            src="/public/img/logo/logo-text-black.png"
+            className="h-6 ml-1 dark:hidden block"
+            alt="Tdrive"
+          />
+          <img
+            src="/public/img/logo/logo-text-white.png"
+            className="h-6 ml-1 dark:block hidden"
+            alt="Tdrive"
+          />
+        </div>
+        <div className="sm:inline-grid">
+          <Info className="font-bold overflow-hidden text-ellipsis whitespace-nowrap w-full block -mb-1">
+            &nbsp;v{version.version}
+          </Info>
+        </div>
       </div>
       <div
         onClick={() => openSideMenu()}