JWT Tokens not passed securely to frontend #8693

Closed
v0eak opened this issue Aug 21, 2024 · 1 comment
v0eak commented Aug 21, 2024

Bug report

The JWT Token is not communicated securely between the backend and the storefront.

Describe the bug

After an actor_type logs in, the login has to be verified. This is done in the /auth/${actor}/${method}/callback route. However, if a successRedirectURL is provided, the token is appended as a query parameter, which is not secure.

Steps to reproduce the behavior

Authenticate with the provider option successRedirectURL set:

[Modules.AUTH]: {
  resolve: "@medusajs/auth",
  options: {
    providers: [
      {
        resolve: "@medusajs/auth-emailpass",
        id: "emailpass",
        options: {
          successRedirectURL: process.env.SUCCESS_REDIRECT_URL,
        },
      },
    ],
  },
}

Expected behavior

The Token is appended in the URL Parameter.

Code snippets

#8681 (comment)

Additional context

The solution is provided in this pull request: #8681

v0eak commented Sep 5, 2024

Issue was fixed in: #8980

@v0eak v0eak closed this as completed Sep 5, 2024
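
A JWT carried in the query string of a redirect, as reported in this issue, ends up in browser history, server access logs and Referer headers. As an added example (not code from the Medusa project or from the issue author), this Node.js code detects JWT-shaped query parameters in a URL and returns a log-safe copy; the parameter name `access_token`, the host and the sample token are constructed for illustration.

```javascript
// Added example: flag and redact JWT-shaped values in URL query strings.
// Names and sample values here are assumptions, not taken from the project.

// A compact JWS has three non-empty base64url segments separated by dots.
const SEGMENT = /^[A-Za-z0-9_-]+$/;

function looksLikeJwt(value) {
  const parts = value.split(".");
  if (parts.length !== 3 || !parts.every((p) => SEGMENT.test(p))) return false;
  try {
    // The first segment must decode to a JSON object with a string "alg" member.
    const header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
    return header !== null && typeof header === "object" && typeof header.alg === "string";
  } catch {
    return false; // not base64url-encoded JSON, so not a JWT header
  }
}

// Returns the names of query parameters that carry a JWT, plus a copy of the
// URL with those values replaced so it can be written to logs safely.
function auditRedirectUrl(rawUrl) {
  const url = new URL(rawUrl);
  const leaked = [];
  // Iterate over a snapshot because the loop mutates searchParams.
  for (const [name, value] of [...url.searchParams]) {
    if (looksLikeJwt(value)) {
      leaked.push(name);
      url.searchParams.set(name, "REDACTED");
    }
  }
  return { leaked, safeUrl: url.toString() };
}

// Constructed sample token with a dummy signature (not a real credential).
function sampleToken() {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ actor_id: "user_123" })}.c2lnbmF0dXJl`;
}

// Constructed redirect URL of the kind the issue describes.
const sampleUrl = `https://storefront.example/callback?access_token=${sampleToken()}&state=abc`;
console.log(auditRedirectUrl(sampleUrl));
```

The same check can run over access-log request lines or in a test that asserts the callback redirect location carries no token.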