Refresh Token without Service Worker but with HTTP Only Cookies

Open bogdanbz93 opened this issue 10 months ago • 2 comments

Hi!

I may be new to this domain. My API server sends the refresh_token as an http only cookie. Since it doesn't come directly in the response, how can I refresh the token by sending it back?

Thanks!

bogdanbz93, Apr 25 '24 12:04

Hi @bogdanbz93,

You need to use silent signin: https://github.com/AxaFrance/oidc-client/blob/main/FAQ.md#condition-to-make-silent-signing-work and do not ask for the scope offline_access, which brings the refresh_token.

In 2024 it will work well only if your OIDC provider is under the same domain as your application.

guillaume-chervet, Apr 25 '24 19:04

Thanks @guillaume-chervet,

Hmm, but how can I insert credentials: "include" to get my Cookie from my token endpoint, first?

bogdanbz93, Apr 26 '24 11:04
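
An added example, not part of the thread and not the oidc-client API: a plain `fetch` call that lets the browser send the HttpOnly refresh cookie via `credentials: "include"`, plus a check of the CORS response headers a browser requires for such a request. The endpoint URL and the `{ access_token }` response shape are assumptions.

```javascript
// Added example: plain fetch, not the oidc-client API. The URL and the
// JSON response shape ({ access_token }) are assumptions.
const TOKEN_URL = "https://api.example.com/auth/refresh"; // hypothetical

// Checks the CORS response headers a browser requires before it exposes a
// cross-origin response to a request made with credentials: "include".
// `headers` is anything with a get(name) method (Headers, Map, ...).
function credentialedCorsProblems(headers, appOrigin) {
  const problems = [];
  const allowOrigin = headers.get("access-control-allow-origin");
  const allowCreds = headers.get("access-control-allow-credentials");
  if (allowOrigin === "*") {
    problems.push("Access-Control-Allow-Origin must not be * with credentials");
  } else if (allowOrigin !== appOrigin) {
    problems.push(`Access-Control-Allow-Origin must be ${appOrigin}`);
  }
  if (allowCreds !== "true") {
    problems.push("Access-Control-Allow-Credentials must be true");
  }
  return problems;
}

// Asks the API for a new access token. The HttpOnly refresh_token cookie is
// never read by this code; the browser attaches it because of `credentials`.
async function refreshAccessToken(fetchImpl = fetch, url = TOKEN_URL) {
  const response = await fetchImpl(url, {
    method: "POST",
    credentials: "include", // send cookies and accept Set-Cookie cross-origin
    headers: { Accept: "application/json" },
  });
  if (!response.ok) {
    throw new Error(`refresh failed: HTTP ${response.status}`);
  }
  const body = await response.json();
  return body.access_token; // keep in memory only, not in localStorage
}
```

When the API is on a different site from the application, the cookie itself must also be set with `SameSite=None; Secure`, otherwise the browser will not attach it to this request.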