-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JWT in cookies? #12
Comments
Closed
nashby
added a commit
that referenced
this issue
Sep 30, 2023
This PR adds a new auth option: cookie. To enable it you need to set `token_location` option as: ``` use Rack::JWT::Auth, { token_location: { cookie: 'COOKIE_NAME' } } ``` By default rack-jwt will keep using `:header` token location option so there're no change required after this PR is merged. If you want to explicitly set the token location to `:header`: ``` use Rack::JWT::Auth, { token_location: :header } ``` closes #21 #12
Merged
nashby
added a commit
that referenced
this issue
Sep 30, 2023
This PR adds a new auth option: cookie. To enable it you need to set `token_location` option as: ``` use Rack::JWT::Auth, { token_location: { cookie: 'COOKIE_NAME' } } ``` By default rack-jwt will keep using `:header` token location option so there're no change required after this PR is merged. If you want to explicitly set the token location to `:header`: ``` use Rack::JWT::Auth, { token_location: :header } ``` closes #21 #12
closed by #32 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an easy way to have rack-jwt read the token from cookies headers instead of just Bearer?
I read several articles and discussions about where to store securely JWTs, and it appears the consensus is don't store in localstorage, instead use cookies with secure flags.
The text was updated successfully, but these errors were encountered: