I have worked on projects where the API is consumed by web apps and native apps. I store the JWT in a httponly cookie, which is used by the web app. For the native app, I pass the refresh-token as a response payload upon a successful authentication which comes in handy when refreshing the token.
For dj_rest_auth, when JWT_AUTH_HTTPONLY is set to true, the refresh token is not passed in the response payload, hence I can't refresh the token since I have no access to the refresh token in the cookie.
Is there a way or a workaround I can use so that the refresh_token is sent when JWT_AUTH_HTTPONLY is set to true?
If you're using http only cookies, you shouldn't pass the refresh token in the payload. The JS client code shouldn't have access to the refresh token.
It's the backend's responsibility to refresh the token. The client should only send an HTTP POST request to dj-rest-auth/token/refresh/ and let the backend do the rest.
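The flow described in the reply above, as an added sketch that is not part of the thread and not dj-rest-auth's own code: a standard-library Python model in which login places both tokens in HttpOnly cookies and the refresh handler takes the refresh token from the `Cookie` header only. The cookie names, token format, key and function names are constructed for the illustration.

```python
import hashlib, hmac, json, time
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"   # constructed value, not a real key
ACCESS_COOKIE, REFRESH_COOKIE = "access-token", "refresh-token"  # assumed names

def sign(claims):
    """Toy HMAC-signed token (stand-in for a JWT): hex(json) + '.' + mac."""
    body = json.dumps(claims).encode().hex()
    return body + "." + hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def verify(token, kind):
    body, _, mac = token.rpartition(".")
    good = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        raise ValueError("bad signature")
    claims = json.loads(bytes.fromhex(body))
    if claims["kind"] != kind or claims["exp"] < time.time():
        raise ValueError("wrong token type or expired")
    return claims

def set_cookie(name, value, max_age):
    """Build a Set-Cookie value that page scripts cannot read (HttpOnly)."""
    jar = SimpleCookie()
    jar[name] = value
    for key, val in (("httponly", True), ("secure", True),
                     ("samesite", "Lax"), ("path", "/"), ("max-age", max_age)):
        jar[name][key] = val
    return jar[name].OutputString()

def login(user):
    now = int(time.time())
    access = sign({"sub": user, "kind": "access", "exp": now + 300})
    refresh_tok = sign({"sub": user, "kind": "refresh", "exp": now + 86400})
    # The response body carries no token; both travel as HttpOnly cookies.
    return {"user": user}, [set_cookie(ACCESS_COOKIE, access, 300),
                            set_cookie(REFRESH_COOKIE, refresh_tok, 86400)]

def refresh(cookie_header):
    """POST .../token/refresh/ with an empty body: the server reads the cookie."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    try:
        claims = verify(jar[REFRESH_COOKIE].value, "refresh")
    except (KeyError, ValueError):
        return 401, {"detail": "refresh cookie missing or invalid"}, []
    access = sign({"sub": claims["sub"], "kind": "access", "exp": int(time.time()) + 300})
    return 200, {}, [set_cookie(ACCESS_COOKIE, access, 300)]

def browser_cookie_header(set_cookie_headers):
    """What a browser would send back: name=value pairs without attributes."""
    return "; ".join(h.split(";", 1)[0] for h in set_cookie_headers)
```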