moves JWT access token from local storage to HTTP only, secure and signed cookie
adds /me route to check access and load user info on app boot
removes user data from local storage
Subtask of #632.
QA Note: (cc @kjuej @markolovric)
Full regression focused on authentication would be preferable since this is impacting authentication on the whole platform.
N.B.: For this to work properly locally please make sure that your .env values are set to
HOSTNAME=localhost
PROTOCOL=http
Also, please test with both scenarios - setting (new) AUTH_JWT_COOKIE_SECRET env value to any string or leaving it empty (this will make cookies signed or unsigned respectively).
underscope
commented
3 years ago
This PR:
/meroute to check access and load user info on app bootSubtask of #632.
QA Note: (cc @kjuej @markolovric)
Full regression focused on authentication would be preferable since this is impacting authentication on the whole platform. N.B.: For this to work properly locally please make sure that your
.envvalues are set toAlso, please test with both scenarios - setting (new)
AUTH_JWT_COOKIE_SECRETenv value to any string or leaving it empty (this will make cookies signed or unsigned respectively).