user3211198

Reputation: 223

How to use access token that was saved as httpOnly cookie in authentication header?

Upon authentication, Stormpath Express sets the access token as an httpOnly cookie in the browser, but how can I get the access token from the cookie to put it in the authorization header as Authorization: Bearer ey..access_token? The token worked when I manually did the request using curl.

Upvotes: 0

Views: 936

Answers (1)

robertjd

Reputation: 4903

The express-stormpath library uses http-only cookies by default, when you post to the /login route, as they are more secure (by preventing access from the JavaScript environment, they cannot be stolen by XSS attacks).

If you need to access the tokens from the JavaScript environment, you should make a post to the /oauth/token endpoint, and you will receive the tokens in the HTTP response body.

This workflow is described here:

https://docs.stormpath.com/nodejs/express/latest/authentication.html#oauth2-password-grant

Upvotes: 2
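
The flow from this answer as an added example (not code from the answer or from express-stormpath): request the tokens from /oauth/token with the OAuth2 password grant, keep them in memory only, and attach the Authorization: Bearer header only to same-origin requests. The names createTokenClient and fetchImpl are hypothetical, and the response is assumed to carry the standard OAuth2 access_token field.

```javascript
// Added example; createTokenClient and fetchImpl are hypothetical names.
// Builds the OAuth2 password-grant request for the /oauth/token endpoint.
function buildTokenRequest(username, password) {
  const body = new URLSearchParams({ grant_type: 'password', username, password });
  return {
    url: '/oauth/token',
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

// Keeps the tokens in a closure (memory only); they are never written to
// localStorage or sessionStorage and are gone after a page reload.
function createTokenClient(fetchImpl) {
  let tokens = null;

  async function login(username, password) {
    const { url, init } = buildTokenRequest(username, password);
    const res = await fetchImpl(url, init);
    if (!res.ok) throw new Error('token request failed: ' + res.status);
    const json = await res.json();
    if (!json.access_token) throw new Error('no access_token in response body');
    tokens = json;
  }

  // Returns a copy of the request options with the Bearer header added.
  function withAuth(init = {}) {
    if (!tokens) throw new Error('not logged in');
    const headers = { ...(init.headers || {}), Authorization: 'Bearer ' + tokens.access_token };
    return { ...init, headers };
  }

  // Only same-origin relative paths get the token; absolute and
  // protocol-relative URLs are refused so the token is not sent elsewhere.
  function api(path, init) {
    if (!path.startsWith('/') || /^\/[\/\\]/.test(path)) {
      return Promise.reject(new Error('refusing to send token to ' + path));
    }
    return fetchImpl(path, withAuth(init));
  }

  return { login, withAuth, api };
}
```

In a browser, pass `window.fetch.bind(window)` as `fetchImpl`; the default /login route still sets the httpOnly cookies, which this code never reads.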
