feat: save provider access/refresh tokens in cookies #197
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Store provider access/refresh tokens in cookies
This PR stores provider access/refresh tokens in cookies, to allow server routes to use provider APIs.
Types of changes
Description
When logging in users with external API scopes for a provider (for example, Github), the application will need access to the provider token to access the provider's API. This token is stored in the
session
object, which is only stored in the client (if I'm not mistaken).When calling an API in my project, only
sb-access-token
andsb-refresh-token
cookies are sent, which means that if I want to access Github's API from a server route, I won't be able to do so.As I see it, there are 2 workarounds for this:
This PR implements the second solution. To access the provider's token from the server, one can simply:
Checklist: