
allow modifying cookie settings

Open ovalek opened this issue 1 year ago • 5 comments

Allow modifying cookie settings by passing a closure with a CookieBuilder to cookie_adjust in the TokenSigner builder.

As mentioned in https://github.com/michaelvanstraten/actix-jwt-auth-middleware/issues/24, we could change cookie settings when creating the initial access_token or refresh_token, but we couldn't easily change the access_token when it is refreshed. This PR allows adjusting the cookie settings (e.g. Path) as follows using cookie_adjust():

use actix_jwt_auth_middleware::TokenSigner;
use actix_web::cookie::CookieBuilder;
use jwt_compact::alg::Hs256;

// `key` is the Hs256 signing key created elsewhere; the claims type is inferred
// from where the signer is used. `cookie_adjust` is the method added by this PR.
let signer = TokenSigner::new()
    .signing_key(key.clone())
    .algorithm(Hs256)
    .cookie_adjust(|builder: CookieBuilder| builder.path("/")) // applied on refresh too
    .build()
    .expect("Error: Could not create a TokenSigner");

ovalek avatar Jun 17 '24 02:06 ovalek

Would passing an initial CookieBuilder also be fine with you? I think it should offer the same level of flexibility with a bit less exposure in the interface. Please speak out if you have a use case where a function is required; it could be that I don't see the full picture here.

michaelvanstraten avatar Jun 27 '24 17:06 michaelvanstraten

As long as I can set the path, http_only and same_site parameters for the refreshed access_token I'm fine with it. I added a new commit that adds a bare CookieBuilder as a parameter. The Cookie::build method requires a name and value, which have to be overridden. The builder doesn't have methods to set name/value, so I set these on the final Cookie.

ovalek avatar Jun 28 '24 00:06 ovalek

Any news on this?

MihaelBercic avatar Jun 11 '25 13:06 MihaelBercic

@MihaelBercic As for now I use my forked version since I don't see any other way to configure the path and other parameters consistently (not just when creating the initial cookie but also when refreshing). So until it is merged or another way to configure the cookie settings is provided, I just use this in my Cargo.toml:

actix-jwt-auth-middleware = { git = "https://github.com/ovalek/actix-jwt-auth-middleware.git" }

And create token signer with cookie_builder() like this:

use std::time::Duration;
use actix_jwt_auth_middleware::TokenSigner;
use actix_web::cookie::{Cookie, SameSite};
use jwt_compact::alg::Hs256;

// `key` is the Hs256 signing key; `cookie_builder` exists only in the fork above.
// The empty name/value are placeholders that the signer overrides on the final cookie.
let signer = TokenSigner::new()
    .signing_key(key.clone())
    .algorithm(Hs256)
    .refresh_token_lifetime(Duration::from_secs(2 * 168 * 60 * 60)) // two weeks
    .cookie_builder(Cookie::build("", "").secure(true).path("/").http_only(true).same_site(SameSite::Strict))
    .build()
    .expect("Error: Could not create a TokenSigner");

ovalek avatar Jun 11 '25 14:06 ovalek
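The problem the thread is working around is that a cookie written on refresh can silently drop the Path, Secure, HttpOnly and SameSite attributes set on the login cookie. The following is an added, self-contained example (not code from actix-jwt-auth-middleware, this PR or its fork) that shows the template pattern described above with standard-library Rust only, plus a check you can run in an integration test against the Set-Cookie headers a server actually returns. The names CookieTemplate, set_cookie, cookie_attributes, attributes_lost_on_refresh and demo, and the sample header values, are my own constructions.

```rust
// Added example, not part of actix-jwt-auth-middleware: a template-based
// Set-Cookie builder plus a check that the cookie written on refresh keeps
// the attributes of the cookie written at login.
use std::collections::BTreeMap;

#[derive(Clone, Debug, PartialEq, Eq)]
pub enum SameSite {
    Strict,
    Lax,
    None,
}

/// Hypothetical attribute template shared by every token cookie; it plays the
/// role of the bare CookieBuilder passed to the signer in the thread.
#[derive(Clone, Debug)]
pub struct CookieTemplate {
    pub path: String,
    pub secure: bool,
    pub http_only: bool,
    pub same_site: SameSite,
}

impl CookieTemplate {
    /// Render a Set-Cookie header value for `name`/`value`; only the
    /// attributes come from the template, name and value are supplied per call
    /// (mirroring "set these on the final Cookie").
    pub fn set_cookie(&self, name: &str, value: &str) -> String {
        let mut out = format!("{}={}; Path={}", name, value, self.path);
        if self.secure {
            out.push_str("; Secure");
        }
        if self.http_only {
            out.push_str("; HttpOnly");
        }
        let ss = match self.same_site {
            SameSite::Strict => "Strict",
            SameSite::Lax => "Lax",
            SameSite::None => "None",
        };
        out.push_str("; SameSite=");
        out.push_str(ss);
        out
    }
}

/// Parse the attribute part of a Set-Cookie header into a map keyed by the
/// lower-cased attribute name; flag attributes (Secure, HttpOnly) map to "".
/// The leading name=value pair is skipped.
pub fn cookie_attributes(header: &str) -> BTreeMap<String, String> {
    header
        .split(';')
        .skip(1)
        .filter_map(|part| {
            let part = part.trim();
            if part.is_empty() {
                return None;
            }
            let (k, v) = part.split_once('=').unwrap_or((part, ""));
            Some((k.trim().to_ascii_lowercase(), v.trim().to_string()))
        })
        .collect()
}

/// Attributes present on the login cookie that are missing or changed on the
/// refreshed cookie. Strip Expires/Max-Age before comparing if your server
/// sets them, since those legitimately differ between the two.
pub fn attributes_lost_on_refresh(initial: &str, refreshed: &str) -> Vec<String> {
    let a = cookie_attributes(initial);
    let b = cookie_attributes(refreshed);
    a.into_iter()
        .filter(|(k, v)| b.get(k) != Some(v))
        .map(|(k, _)| k)
        .collect()
}

/// Constructed sample: login cookie rendered from the template versus a
/// refreshed cookie written with only name and value, the inconsistency the
/// thread describes. Returns the attribute names that were lost.
pub fn demo() -> Vec<String> {
    let template = CookieTemplate {
        path: "/".into(),
        secure: true,
        http_only: true,
        same_site: SameSite::Strict,
    };
    let login = template.set_cookie("access_token", "eyJ.login.sig");
    let refreshed_bare = "access_token=eyJ.refreshed.sig";
    attributes_lost_on_refresh(&login, refreshed_bare)
}

fn main() {
    println!("attributes lost on refresh: {:?}", demo());
}
```

Point attributes_lost_on_refresh at the two real Set-Cookie headers (login response and first refreshed response) and fail the test if the vector is non-empty; an empty result is what the fork's cookie_builder is meant to guarantee.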

@ovalek thank you very much! I wasn't aware you're actively using it, so I've forked it just in case. I appreciate the fix very much, thank you!

MihaelBercic avatar Jun 11 '25 15:06 MihaelBercic