wp-graphql
Adds Option to define if a cookie should be set on login.
So the idea is to give an option to enable this behaviour.
One option would be to be able to define something in wp-config.php like so:
define( 'GRAPHQL_JWT_AUTH_SET_COOKIES', true );
Then the authenticate_user function would use wp_signon with cookies set to true instead of wp_authenticate.
I for example need the cookie to be set, so I can use it for the protected Downloads in WooCommerce.
Could be related to this issue: #73 We could use this approach to also set the RefreshToken as a HttpOnly cookie. Then you could decide to use the JWT in a HttpOnly environment if you need/want to, or still just take it from the response and handle it yourself.
Open for suggestions on how to approach this though. This one works fine for me so far.
Maybe this would rather make sense as a boolean filter in the registration/login mutation?