Skip to content
Snippets Groups Projects
Commit 334546cd authored by Daniel Gerhardt's avatar Daniel Gerhardt
Browse files

Send JWT via cookie instead of redirect query param

A short lived cookie is set for the temporary JWT. The cookie will be
deleted once the token is manually refreshed.

Because the API's callback isn't directly called by the frontend, it
doesn't have access to the response. I found three options to pass
authentication to the frontend: via URL (query param/fragment
identifier), JavaScript in the callback response or a short lived
cookie. The cookie is easy to implement and doesn't require any
knowledge about the frontend.
parent f805fe98
No related merge requests found
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment