This PR:

- moves JWT access token from local storage to HTTP only, secure and signed cookie
- adds `/me` route to check access and load user info on app boot
- removes user data from local storage

Subtask of #632.

QA Note: (cc @kjuej @markolovric)

Full regression focused on authentication would be preferable since this is impacting authentication on the whole platform.

N.B.: For this to work properly locally please make sure that your `.env` values are set to

```
HOSTNAME=localhost
PROTOCOL=http
```

Also, please test with both scenarios - setting (new) `AUTH_JWT_COOKIE_SECRET` env value to any string or leaving it empty (this will make cookies signed or unsigned respectively).