When testing my register and login functions from my front-end application, I found that the CSRF cookie was not appearing. I was able to confirm that my backend API never sent it once trying one of my jwt_required functions.
When I test this with the Swagger UI though, I'm finding that it does send a cookie containing the JWT, but that this resides in the http://127.0.0.1:8000/ URL.
I'm not sure why the cookie isn't being sent to the front end, as I passed in a response object to set_access_cookies.
from fastapi import Depends, HTTPException, Response

# router, users_coll, pwd_context, LoggedInUser and AuthJWT are defined elsewhere in the app.

@router.post("/login")
async def login_user(user: LoggedInUser, response: Response, auth: AuthJWT = Depends()):
    # Look up the account by username
    existing_user = await users_coll.find_one({"username": user.username})
    print(existing_user)  # debug output; the record printed here includes passwordHash
    if not existing_user:
        raise HTTPException(status_code=400, detail="Incorrect username")
    elif not pwd_context.verify(user.password, existing_user["passwordHash"]):
        raise HTTPException(status_code=400, detail="Incorrect password")
    else:
        # Create, store, and return a JWT in a cookie
        token = auth.create_access_token(subject=user.username)
        auth.set_access_cookies(token, response=response)
        return {"msg": "User successfully logged in"}