JWT in cookies? #12
Comments
Closed
nashby
added a commit
that referenced
this issue
Sep 30, 2023
This PR adds a new auth option: cookie. To enable it you need to set `token_location` option as:
```
use Rack::JWT::Auth, { token_location: { cookie: 'COOKIE_NAME' } }
```
By default rack-jwt will keep using `:header` token location option so there're no change required
after this PR is merged. If you want to explicitly set the token location to `:header`:
```
use Rack::JWT::Auth, { token_location: :header }
```
closes #21 #12
Merged
nashby
added a commit
that referenced
this issue
Sep 30, 2023
This PR adds a new auth option: cookie. To enable it you need to set `token_location` option as:
```
use Rack::JWT::Auth, { token_location: { cookie: 'COOKIE_NAME' } }
```
By default rack-jwt will keep using `:header` token location option so there're no change required
after this PR is merged. If you want to explicitly set the token location to `:header`:
```
use Rack::JWT::Auth, { token_location: :header }
```
closes #21 #12
|
closed by #32 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an easy way to have rack-jwt read the token from cookies headers instead of just Bearer?
I read several articles and discussions about where to store securely JWTs, and it appears the consensus is don't store in localstorage, instead use cookies with secure flags.
The text was updated successfully, but these errors were encountered: