This repository has been archived by the owner on Mar 31, 2023. It is now read-only.
Ugh: Cookie Support so session can survive OAuth / redirects #18
Labels
Comments
|
On the surface it does smell a bit weird, but this seems reasonable. I'll add it in the next push, which should go up early next week. |
|
Now being tracked here: #21 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I hate to have to ask for this, but there are cases where you need a browser to follow a 302 redirect (handling social authentications, for example). Unfortunately, there's no way to instruct a browser to send an auth header when the redirect happens, so the session would be lost during the redirect.
Allowing the JWT to also be stored in req.cookies[options.requestArg] would allow this module to be used in these cases.
While my own gut reaction to using a cookie in this case is that it's antithetical to the idea of JWT, further reading has shown me that's not the case.
The text was updated successfully, but these errors were encountered: