💡 [REQUEST] - support "cookie" config option for access across sub-domains

[mundanelunacy]

Summary

support for domain-wide cookies so applications that need tokens to persist across sub domains

Basic Example

1. User logs in at an app https://app.example.com with token stored at a cookie associated with ".example.com" domain
2. User able to access https://profile.example.com using token from

Drawbacks

setting cookie potentially conflicts with cookies of other libraries (?)

Unresolved questions

No response

Implementation PR

No response

Reference Issues

No response

[mundanelunacy]

Hi. Submitted a PR for review.

The additional code does the following:

1. Moved the state code out of AuthContext and into the useStorage hook
2. Added useCookieStorage to Hooks.tsx that mirrors functionality of useBrowserStorage
3. If config.storage==='cookie' then useStorage uses the state for useBrowserStorage

Optionally, config.baseDomain can be set to manually set the cookie domain.

[soofstad]

Hi,
The library will not adopt cookie support at this point.
A few reasons:

1. It's a non-recommended way of storing tokens (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps-14#section-9.1)
2. It's a very uncommon for modern OAuth2 servers to use Cookies to send back tokens (do you have any examples?)
3. Cross domain/subdomain tokens kind of defeats the purpose with OAuth2. Each application should have a token that is scoped to exactly that application only. Logging in and getting new tokens for each app should not be a big hurdle as it's common to have Cookies to authenticate towards the SSO auth-server.

Only reason to implement this would be to support some rare, old?, authentication providers, who are not following best practices. Which I'm not inclined to do.
I'd rather have this library support only recommended methods and pattern.