There are scenarios where you can’t share cookies with your API server or the API requires you to put the access token in the authorization header. In this case, you won’t be able to use cookies to store your tokens.
JWT with claims, expiry can be used for RESTful API service. No need to store auth tokens in redis. Simply check if incoming JWT cookie is valid or not.
There are scenarios where you can’t share cookies with your API server or the API requires you to put the access token in the authorization header. In this case, you won’t be able to use cookies to store your tokens.