New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Alternative on transporting access token #12
Comments
Another thing is we are already using session for the oauth process anyway, especially for the |
I think that's doable. I'm thinking about introducing a new option under the |
@simov i am fine with that, thx for looking into it! |
@bitinn I just added support for session transport type (you can check out the last 2 commits if you want) So if you set I'll let you know when it's published. |
Looks good, i am ready to try it out when it lands 👍 |
Version 3.1.0 is published on NPM changelog |
Currently the design is to do another redirect with GET, where querystring contains the access token. 2 things of this approach concerns me:
/connect/:provider/callback
route is safe because the GET route is called with a randomizedstate
.In my previous projects I usually do that through sessions, it means:
Just something to consider.
The text was updated successfully, but these errors were encountered: