CustomCredentialsProvider and wanting to know how to configure/implement this pattern:
When JS client Authenticates, get back a HTTPOnly cookie containing the
refresh_token (could also have the
access_token), but need the
access_token in the JSON response as well. (JS client needs to read the
access_token and store in memory, and put in cross-origin Authorization header).
JS client then needs at anytime, to refresh the
access_token. Ideally by calling AuthN server, with
refresh_token_cookie and retrieving a new
refresh_token in a cookie, and a new
access_token in the JSON response.
Is this pattern either Supported or Supportable in the