Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to emit the refresh token in the response body instead of a cookie #59

Open
sun opened this issue Mar 9, 2022 · 0 comments
Open

Allow to emit the refresh token in the response body instead of a cookie #59

sun opened this issue Mar 9, 2022 · 0 comments

Comments

@sun
Copy link
Collaborator

sun commented Mar 9, 2022

Follow-up on #1 (comment)

Goal

  • Add an option or constant to emit the refresh token in the response body instead of a cookie.

Details

  • For security reasons with regard to web/browser clients, Added refresh token architecture. #33 implemented the refresh token only as a cookie.
  • In cases where no web (browser) apps are involved (e.g. only native apps), it would be secure to emit the refresh token as part of the token response body.

Notes

  • I have no use-case for this myself, so I will probably not implement it myself. PRs are welcome though.
@sun sun mentioned this issue Mar 9, 2022
Merged
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sun