This repo still stores the JWT in the browser. A few modifications can be made to make it follow the BFF pattern for more secure token use.
The secret store could set the token when the user logs in:
```go
store.Options(sessions.Options{
	Path:     "/",
	HttpOnly: true,
	Secure:   true,
})
```
The logout will also need to clear the session as well:
```go
// get session details (cookie)
authSession := sessions.Default(ctx)
// clear details (logout)
authSession.Clear()
authSession.Options(sessions.Options{
	MaxAge:   -1, // This instructs the browser to delete the cookie
	Path:     "/",
	HttpOnly: true,
	Secure:   true,
})
```
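The login and logout flow described in this issue, as an added example that is not code from the issue or from the repository: it uses only the Go standard library instead of the `sessions` package, and keeps tokens in an in-memory map. The names `cookieName`, `tokenStore` and `sessionCookie` and the sample token are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"sync"
)

const cookieName = "bff_session"          // assumed name, not from the repo
type tokenStore struct{ tokens sync.Map } // hypothetical: opaque session ID -> token, server-side

func sessionCookie(value string, maxAge int) *http.Cookie { // same attributes as the issue's sessions.Options
	return &http.Cookie{Name: cookieName, Value: value, Path: "/", HttpOnly: true, Secure: true, MaxAge: maxAge}
}

// Login stores the token on the server; the browser only gets a random ID.
func (s *tokenStore) Login(token string) (*http.Cookie, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	id := hex.EncodeToString(raw)
	s.tokens.Store(id, token)
	return sessionCookie(id, 0), nil
}

// Token resolves the request's session cookie to the stored token.
func (s *tokenStore) Token(r *http.Request) (string, bool) {
	if c, err := r.Cookie(cookieName); err == nil {
		v, _ := s.tokens.Load(c.Value)
		tok, ok := v.(string)
		return tok, ok
	}
	return "", false
}

// Logout drops the server-side entry and returns a cookie with MaxAge -1 (delete).
func (s *tokenStore) Logout(r *http.Request) *http.Cookie {
	if c, err := r.Cookie(cookieName); err == nil {
		s.tokens.Delete(c.Value)
	}
	return sessionCookie("", -1)
}

func main() {
	c, _ := new(tokenStore).Login("constructed.jwt.value") // constructed sample token
	fmt.Println(c.String())                                // Set-Cookie value sent to the browser
}
```

A handler would pass the returned cookie to `http.SetCookie`; deleting the server-side entry on logout means a copied cookie value stops working even if the browser ignores the expiry.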