Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support graceful fallback to cookies #45

Closed
ekryski opened this Issue Feb 8, 2016 · 1 comment

Comments

Projects
None yet
1 participant
@ekryski
Copy link
Member

ekryski commented Feb 8, 2016

Currently when using OAuth, in order to get the JWT we generate back to the client, we shove it in a cookie called feathers-jwt. The client then parses the JWT from the cookie and uses this JWT to authenticate with the API going forward.

In theory, in addition to checking the Authorization header, query sting, or request/socket body we could also check the feathers-jwt cookie to see if it is expired and if not grab the token.

Now that I think about this, this is actually pretty easy and should just be a couple lines added right in this middleware.

@ekryski

This comment has been minimized.

Copy link
Member Author

ekryski commented Feb 11, 2016

This is now done in the decoupling branch now. It doesn't support cookies on sockets however...

@ekryski ekryski modified the milestone: 1.0 release Feb 11, 2016

@ekryski ekryski referenced this issue Feb 12, 2016

Merged

Decoupling #49

@ekryski ekryski closed this Feb 12, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.