Consider providing cookie / session based mechanism for API applications #59
Comments
It is not a switch for the installer, but this? Also, I think it has made clear that using JWT for client auth is not a good idea in several elixirforum's discussions.
I'm really busy at the moment, but early June I should be able to address this. Sorry for the delay.
I can update the Phauxth Authenticate plug to handle tokens that are stored in cookies. Is that what you want?
@riverrun, I think it would be nice to allow storing and reading the tokens from cookies. I have already done that within Guardian and it is working fine.
I have added information about how to customize Authenticate.Token to the documentation for that module, and there is also an example module in the |
The current behavior of `phauxth` installer is to provide either:
`api` switch is used.

It would be nice to have an additional switch for the installer to specify a JSON API setup based on session / cookie storage (not tokens) since storing the token inside a session cookie provided best security (compared to storing it for example in local storage by the client side JS application).
You are welcome to join the discussion here:
Sending cookies for stateless SPA authentication using JWT
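
The cookie-based approach requested in this issue, sketched as an added example that is not Phauxth's or Guardian's code and not part of the original thread: a plug that issues a signed token in an `HttpOnly` cookie and authenticates later requests from it. The module name, cookie name, salt, lifetime and the `:current_user_id` assign are all assumptions; signing uses `Phoenix.Token` rather than a JWT.

```elixir
defmodule CookieTokenAuth do
  @moduledoc """
  Added example (hypothetical module, not Phauxth code): keep a signed
  token in an HttpOnly cookie and authenticate API requests from it.
  """
  import Plug.Conn

  @cookie "api_token"    # assumed cookie name
  @salt "user auth"      # assumed signing salt
  @max_age 4 * 60 * 60   # assumed lifetime: 4 hours, in seconds

  @cookie_opts [
    http_only: true,     # not readable from client-side JS
    secure: true,        # only sent over HTTPS
    same_site: "Strict"  # not attached to cross-site requests
  ]

  # Call after a successful login. `endpoint` is the app's Phoenix endpoint module.
  def put_token_cookie(conn, endpoint, user_id) do
    token = Phoenix.Token.sign(endpoint, @salt, user_id)
    put_resp_cookie(conn, @cookie, token, [max_age: @max_age] ++ @cookie_opts)
  end

  # Call on logout so the browser discards the token.
  def delete_token_cookie(conn), do: delete_resp_cookie(conn, @cookie, @cookie_opts)

  # Plug callbacks, used as: plug CookieTokenAuth, endpoint: MyAppWeb.Endpoint
  def init(opts), do: Keyword.fetch!(opts, :endpoint)

  def call(conn, endpoint) do
    conn = fetch_cookies(conn)

    # A missing, tampered or expired token all end with no user assigned.
    with token when is_binary(token) <- conn.req_cookies[@cookie],
         {:ok, user_id} <-
           Phoenix.Token.verify(endpoint, @salt, token, max_age: @max_age) do
      assign(conn, :current_user_id, user_id)
    else
      _ -> assign(conn, :current_user_id, nil)
    end
  end
end
```

Because the browser attaches the cookie automatically, state-changing endpoints still need a CSRF defence; `SameSite=Strict` covers cross-site requests only in browsers that honour it.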