aarona / devise_jwt_auth

A JWT-based port of Devise Token Auth
Do What The F*ck You Want To Public License

Refresh token cookie path from config #9

Status: Closed (stereodenis closed 1 year ago)

stereodenis commented 2 years ago

[image]

aarona commented 2 years ago

Is this currently causing you an issue? Do you need to override this?

stereodenis commented 2 years ago

Yep, I'm using "/users" path

Also, I don't understand why this gem uses cookies for authorization?

aarona commented 2 years ago

Ok, I'm pretty busy this week and most of next. I'll see if I can tackle this soon. If you're interested, feel free to dig in and fix this on your own. Make a PR and I'll accept it. All the tests need to pass and it's possible you'll need to make additional tests for this. There might be some that are currently commented out also.

Now regarding cookies, there's nothing wrong with using them as long as you are storing them properly and securely. The documentation talks about this and the library does this automatically. Also, they need to be cookies so you can use the Apollo refresh token library. This assumes you're using React.js, Angular, etc. as your front end.

I have an example application with React.js complete with the code you need to implement the token refresh feature here. I need to finish updating it so it's using React.js 17, but you should be able to look at the code that handles requesting refresh tokens and access tokens.

Read the docs on the main page of this project, but I'll sum it up this way: refresh tokens are stored using HTTP Only so JavaScript doesn't have access to them, and you should be storing your access tokens in a public JavaScript variable, NOT in local storage or as a cookie, because that is how your tokens can be misused. I hope that clears up your concerns.

stereodenis commented 2 years ago

The cookie is not being set. Maybe because I use the API URL /api/v1/auth/refresh_token

[image]
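
Added example, not part of the thread and not the gem's own code: the cookie `Path` attribute this issue asks to make configurable decides which requests a browser attaches the refresh token cookie to, following the path-match rule in RFC 6265 section 5.1.4. The cookie name `refresh_token`, the `Secure` and `SameSite=Strict` flags, and the candidate paths other than `/users` and the refresh endpoint are assumptions made for illustration.

```ruby
# Added example (not from devise_jwt_auth): RFC 6265 section 5.1.4 path rules.

# Path a browser assigns when Set-Cookie carries no Path attribute.
def default_cookie_path(request_path)
  return "/" if request_path.nil? || !request_path.start_with?("/")
  last_slash = request_path.rindex("/")
  last_slash.zero? ? "/" : request_path[0...last_slash]
end

# True when a cookie scoped to cookie_path is sent with a request for request_path.
def path_match?(request_path, cookie_path)
  return true if request_path == cookie_path
  return false unless request_path.start_with?(cookie_path)
  # A plain string prefix is not enough: the match must end on a "/" boundary.
  cookie_path.end_with?("/") || request_path[cookie_path.length] == "/"
end

# Set-Cookie value for a refresh token. HttpOnly is what the thread describes;
# the cookie name, Secure and SameSite=Strict are assumptions of this example.
def refresh_cookie_header(token, path:)
  ["refresh_token=#{token}", "Path=#{path}", "HttpOnly", "Secure",
   "SameSite=Strict"].join("; ")
end

# Endpoint quoted in the thread; the candidate paths below are constructed.
REFRESH_ENDPOINT = "/api/v1/auth/refresh_token"

# Map each candidate cookie Path to whether the refresh endpoint receives it.
def coverage(paths, endpoint = REFRESH_ENDPOINT)
  paths.to_h { |p| [p, path_match?(endpoint, p)] }
end

if __FILE__ == $PROGRAM_NAME
  candidates = ["/users", "/api/v1/auth", "/api/v1/auth/", "/api/v1/au", "/"]
  coverage(candidates).each do |path, sent|
    puts format("Path=%-15s %s", path, sent ? "sent to refresh endpoint" : "not sent")
  end
  puts "default path: #{default_cookie_path(REFRESH_ENDPOINT)}"
  puts refresh_cookie_header("<opaque-token>", path: "/api/v1/auth")
end
```

Scoping the cookie to the narrowest path that still covers the refresh endpoint keeps the refresh token off every other request the front end makes to the same origin.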