Can't send token to token/verify if http-only #191
Comments
I briefly looked into this but I'm not very much at home in these packages. I'm not sure if the fix for this issue would require changes to
@SpicyPaper thanks for the link, I missed that issue. It seems (so far) to be working for me too. It seems like it wouldn't be a bad idea to implement this into this package and utilize it when using JWT, since it just doesn't work currently. @iMerica, could that code be used in the package?
In order to verify your token, you should send it to `root/token/verify`. However, if you are using JWT and are setting the tokens as HTTP-only cookies on the server, the client doesn't have access to this cookie and can thus not verify it. The same is true for refreshing your token using `root/token/refresh`. I think a feature should be added that takes the token from the HTTP-only cookies if no token is provided in the body of the request.
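
The fallback requested above, as an added, framework-independent example (not code from this package or from the linked issue): the verify handler uses the body token when present and otherwise reads the HTTP-only cookie. The cookie name, signing key, status codes and the stdlib-only HS256 check are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed; a real service loads its key from config
COOKIE_NAME = "access-token"      # hypothetical cookie name, not taken from the package

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict) -> str:
    """Build an HS256 JWT; used here only to construct sample input."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def resolve_token(body: dict, cookies: dict):
    """Body token wins; the HTTP-only cookie is the fallback when the body has none."""
    return body.get("token") or cookies.get(COOKIE_NAME)

def verify(body: dict, cookies: dict, now=None):
    """Return (status, payload) for a verify request; an empty payload means valid."""
    token = resolve_token(body, cookies)
    if not token:
        return 400, {"detail": "no token in body or cookie"}
    try:
        head, payload, sig = token.split(".")
        # Pin the algorithm instead of trusting whatever the header claims.
        if json.loads(_unb64(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        want = hmac.new(SECRET, f"{head}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _unb64(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(payload))
        if claims["exp"] <= (now if now is not None else time.time()):
            raise ValueError("expired")
    except (ValueError, KeyError, TypeError, AttributeError):
        return 401, {"detail": "token is invalid or expired"}
    return 200, {}
```

The same `resolve_token` fallback applies to a refresh handler; because the browser attaches the cookie automatically, a cookie-driven endpoint should sit behind the service's CSRF protection.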