Using the JwtAuthProvider
+ CustomCredentialsProvider
and wanting to know how to configure/implement this pattern:
When JS client Authenticates, get back a HTTPOnly cookie containing the refresh_token
(could also have the access_token
), but need the access_token
in the JSON response as well. (JS client needs to read the access_token
and store in memory, and put in cross-origin Authorization header).
JS client then needs at anytime, to refresh the access_token
. Ideally by calling AuthN server, with refresh_token_cookie
and retrieving a new refresh_token
in a cookie, and a new access_token
in the JSON response.
Is this pattern either Supported or Supportable in the JwtAuthProvider
?