Add a way for SPA to request Kinto to authorize request via httpOnly cookies #2334
Labels: enhancement, stale
The OpenID flow redirects to a page with the auth_token.
As @magopian pointed out, it is a best practice to not store the token on the client side.
The experts told us instead to store it inside an httpOnly cookie that can be read only from the server side.
This means two things from a Kinto perspective: