oidc-client-js icon indicating copy to clipboard operation
oidc-client-js copied to clipboard

Published 20 hours ago verified publisher icon IdentityModel

Send credentials (certificate) when retrieving token

Open 808x88 opened this issue 5 years ago • 5 comments

When conducting the post request to get the token from the idp, we should be able to choose whether we want to send the credentials in the post request so the idp can verify who is calling to get the token with our certificate.

808x88 avatar Feb 26 '20 08:02 808x88

What certificate?

brockallen avatar Jul 21 '20 22:07 brockallen

i would like to include the cookies while sending the token request. is it possible to set xhr.withCredentials = true; in JsonService.js

achebrol avatar Jul 23 '20 18:07 achebrol

This is really required. I am sending the token as a cookie from an api to avoid access token stroring either in session or local storage in the client side. if we dont make withcredentials = true, it ignores the repsonse cookies and cookies are not attached to the subsequent requests..

seeshaarp avatar Oct 21 '20 10:10 seeshaarp

@brockallen There is an open pull request that fixes this issue. Please let me know if there are any changes needed.

npflood avatar Mar 08 '21 20:03 npflood

And if you do something like this. To have your own XMLHttpRequest Factory?

Global.setXMLHttpRequest(function () {
  var request = new XMLHttpRequest();
  request.withCredentials = true;
  return request;
});

kimlukas avatar Apr 21 '21 14:04 kimlukas