Styria-Digital / django-rest-framework-jwt

JSON Web Token Authentication support for Django REST Framework
https://styria-digital.github.io/django-rest-framework-jwt/
MIT License

How to use verify_jwt_token with token in httpOnly cookie? #77

Open Bouni opened 3 years ago

Bouni commented 3 years ago

Hi,

I want to use httpOnly cookies for storing the token, which already works as expected, but the verify_jwt_token view expects the token to be sent as payload in the body!?

Is there a way to verify a token passed as an httpOnly cookie?

robrap commented 3 years ago

Not sure if this will help you or not. We decided to split our token across two cookies to make the signature HttpOnly. You can read more about our decision here: https://github.com/edx/edx-platform/blob/master/openedx/core/djangoapps/oauth_dispatch/docs/decisions/0009-jwt-in-session-cookie.rst. We used Django middleware to take our two cookies and create the expected cookie on the backend.
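
The middleware approach described in the comment above, as an added example; it is not code from this thread, from django-rest-framework-jwt or from edx-platform. It rebuilds `header.payload.signature` from two cookies and stores it under the cookie name the JWT authentication backend reads, leaving signature verification to that backend. All three cookie names are assumptions chosen for illustration, and `request.COOKIES` is treated as the plain dict Django provides.

```python
"""Django-style middleware that rebuilds a JWT from two cookies (added example)."""

# Assumed cookie names; none of them come from the thread or either project.
HEADER_PAYLOAD_COOKIE = "jwt-header-payload"  # readable by JavaScript
SIGNATURE_COOKIE = "jwt-signature"            # set with the HttpOnly flag
COMBINED_COOKIE = "jwt"                       # name the JWT auth backend reads


def combine_jwt_cookies(cookies):
    """Return 'header.payload.signature', or None if either part is unusable."""
    header_payload = cookies.get(HEADER_PAYLOAD_COOKIE, "")
    signature = cookies.get(SIGNATURE_COOKIE, "")
    # The first cookie must hold exactly two non-empty segments,
    # the second exactly one segment with no separator in it.
    if header_payload.count(".") != 1 or not all(header_payload.split(".")):
        return None
    if not signature or "." in signature:
        return None
    return f"{header_payload}.{signature}"


class JwtCookieRecombineMiddleware:
    """List this before the authentication middleware in MIDDLEWARE."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # Discard any combined cookie sent by the client, so the only token
        # the backend sees is the one rebuilt from both halves.
        request.COOKIES.pop(COMBINED_COOKIE, None)
        token = combine_jwt_cookies(request.COOKIES)
        if token is not None:
            request.COOKIES[COMBINED_COOKIE] = token
        # No signature check happens here; the JWT authentication class
        # that reads COMBINED_COOKIE still validates the token.
        return self.get_response(request)
```
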