Using HTTP-Only cookies for access tokens

My Question or Issue

I have set up a Node app that follows the OAuth authorization flow with PKCE, but I can only receive access tokens in the HTTP response body. Ideally I want to use HTTP-only cookies as I would if I was using my own server to avoid XSS or CSRF attacks. Is there any way to do this with the API without creating my own cookies through a server?

0 Replies
