To enhance security, I store the token in a cookie with the following code:
    from pydantic import BaseModel

    class Settings(BaseModel):
        authjwt_token_location: set = {'cookies'}
If the tokens are stored in cookies, they are not readable by JS (as the HttpOnly flag is ON), so the expiry time of the access token cannot be retrieved and the time to call token refresh is unknown.
The access token should be stored in a header, or at least be readable.
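The usual way to keep the HttpOnly cookie and still let the client know when to refresh is to send the expiry out of band: the login response sets the token only in the cookie and returns just the `exp` timestamp in the JSON body, and the client schedules its refresh from that value (falling back to calling refresh when a request comes back 401). The example below is added by the editor and is not the poster's code nor part of fastapi-jwt-auth; it uses a minimal stdlib HS256 JWT so it runs without the library, and it assumes a cookie named `access_token_cookie`, a 15-minute access lifetime and a hard-coded demo secret.

```python
"""Added example: HttpOnly access-token cookie plus out-of-band expiry.

Not from the original post or from fastapi-jwt-auth. The JWT helpers are a
dependency-free stand-in for the library; the cookie name, TTL and secret
are assumptions for the demo.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional

SECRET = b"demo-secret-do-not-use"   # assumption: never hard-code in real code
ACCESS_TTL = 15 * 60                 # assumption: 15-minute access token
COOKIE_NAME = "access_token_cookie"  # assumption: cookie key used by the server


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def encode_jwt(claims: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT (header.payload.signature)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def decode_jwt(token: str, secret: bytes, now: int) -> dict:
    """Verify the signature and exp claim; raise ValueError on any failure."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


def login_response(subject: str, secret: bytes, now: int) -> dict:
    """Server side: token goes into an HttpOnly cookie only; the body carries
    just the expiry, so JS learns *when* to refresh without seeing the token."""
    exp = now + ACCESS_TTL
    token = encode_jwt({"sub": subject, "iat": now, "exp": exp, "type": "access"}, secret)
    cookie = (f"{COOKIE_NAME}={token}; HttpOnly; Secure; SameSite=Lax; "
              f"Path=/; Max-Age={ACCESS_TTL}")
    return {"headers": {"Set-Cookie": cookie}, "body": {"access_expires_at": exp}}


def refresh_due(access_expires_at: int, now: int, margin: int = 60) -> bool:
    """Client side: decide from the body-provided expiry, never from the cookie.
    `margin` refreshes a little early to absorb clock skew and latency."""
    return now >= access_expires_at - margin


def parse_cookie_header(header: str) -> dict:
    """Minimal Cookie: header parser ("a=b; c=d" -> {"a": "b", "c": "d"})."""
    out = {}
    for part in header.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            out[key] = value
    return out


def authenticate_request(cookie_header: str, secret: bytes, now: int) -> Optional[str]:
    """Server side: read the token back from the cookie and return the subject,
    or None (the caller answers 401, which is the client's fallback refresh trigger)."""
    token = parse_cookie_header(cookie_header).get(COOKIE_NAME)
    if token is None:
        return None
    try:
        return decode_jwt(token, secret, now)["sub"]
    except ValueError:
        return None


if __name__ == "__main__":
    t0 = 1_700_000_000                      # constructed "now" for the demo
    resp = login_response("alice", SECRET, t0)
    print(resp["headers"]["Set-Cookie"][:40] + "...")
    print("refresh due at login?", refresh_due(resp["body"]["access_expires_at"], t0))
    print("refresh due 14.5 min later?", refresh_due(resp["body"]["access_expires_at"], t0 + 870))
```

With this split the client never needs the raw token, so the cookie can stay HttpOnly. A second option is to let the server accept the token from either place: fastapi-jwt-auth's `authjwt_token_location` accepts a set containing both `"headers"` and `"cookies"`, but a token readable by JS is also a token readable by any injected script, which is what the HttpOnly flag is there to prevent.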