Announcements

Help Wizard

Step 1

NEXT STEP

Using HTTP-Only cookies for access tokens

Using HTTP-Only cookies for access tokens

My Question or Issue

I have set up a Node app that follows the OAuth authorization flow with PKCE, but I can only receive access tokens in the HTTP response body. Ideally I want to use HTTP-only cookies as I would if I was using my own server to avoid XSS or CSRF attacks. Is there any way to do this with the API without creating my own cookies through a server?

Reply
0 Replies

Suggested posts