Refresh Token without Service Worker but with HTTP Only Cookies #1357

Open
bogdanbz93 opened this issue Apr 25, 2024 · 2 comments

Comments

bogdanbz93 commented Apr 25, 2024

Hi!

I may be new to this domain. My API server sends the refresh_token as an http only cookie. Since it doesn't come directly in the response, how can I refresh the token by sending it back?

Thanks!

@guillaume-chervet
Contributor

Hi @bogdanbz93,

You need to use silent signin: https://github.com/AxaFrance/oidc-client/blob/main/FAQ.md#condition-to-make-silent-signing-work
and do not ask for the scope offline_access, which brings the refresh_token.

In 2024 it will work well only if your OIDC provider is under the same domain as your application.

@bogdanbz93
Author

Thanks @guillaume-chervet,

Hmm, but how can I insert credentials: "include" to get my Cookie from my token endpoint, first?
