aborn / nuxt-openid-connect

OpenID-Connect(OIDC) integration module for nuxt 3.0.

Cookies are saved unencrypted in browser, is the enc mech implemented or am i missing something ? #27

Closed raj-saroj-vst-au4 closed 1 month ago

raj-saroj-vst-au4 commented 5 months ago

To reproduce,

1) Login via your provider
2) Open browser > go to app (localhost:3000) > dev console > Application > Cookies > localhost:3000

There you can find the access_token, which you can copy-paste into JWT.io to confirm.

aborn commented 5 months ago

access_token is used to access userinfo, which doesn't have to be encrypted. BTW, the user info is encrypted by default in the browser.

raj-saroj-vst-au4 commented 5 months ago

Thank you so much for the logger fix, but how do I get access_token? For context, I have a backend API to which I have to pass access_token in headers. I tried useCookie("access_token") but it doesn't work. However, useCookie("refresh_token") works. Just for info, I am not using any prefix on cookies.

aborn commented 5 months ago

For the front end, this package's access_token cookie has a cookiePrefix setting; as follows, it is 'oidc.'


For your case, you should change it to ''. Then you'll find the cookie key becomes 'access_token'.


In Nuxt you can use the useCookie API to get the value.

raj-saroj-vst-au4 commented 5 months ago

Yes, I tried that, but it doesn't work with or without the prefix; however, useCookie("refresh_token") works with or without the prefix... Is there any other method or API from which I can get access_token?

DavidTHoy commented 5 months ago

I am experiencing the same issue.

The Nuxt useCookie('access_token') returns undefined for me, even though I see the cookie in my browser storage as 'access_token'. Is there any other way to safely get the token?

DavidTHoy commented 5 months ago

I was able to figure this out. @raj-saroj-vst-au4

Go into your nuxt.config and change the httpOnly flag to false like so:

access_token: { httpOnly: false, secure: false, }

That fixed it for me.

raj-saroj-vst-au4 commented 3 months ago

@DavidTHoy I am building a production app. Is there any other way to get the access token while keeping secure set to true? Like storing it in Pinia and updating state from a composable or something?
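An added example, not code from the nuxt-openid-connect project or from anyone in this thread, showing the server-side alternative to the httpOnly: false / secure: false change above: leave the access_token cookie HttpOnly and Secure, read it from the request's Cookie header inside a Nuxt server route (where h3's getCookie/getHeader give you the same header), and attach it as a bearer token to the backend call there, so browser JavaScript never needs to read it. COOKIE_PREFIX, parseCookieHeader, accessTokenFromCookies, upstreamHeaders, auditSetCookie and the sample cookie values are this example's own names and constructed data.

```javascript
// Same default the thread mentions for the module's cookiePrefix setting;
// pass '' for the bare 'access_token' name shown in the issue.
const COOKIE_PREFIX = 'oidc.';

// Minimal Cookie-header parser: "a=1; b=2" -> { a: '1', b: '2' }.
// Values are percent-decoded; malformed pairs without '=' are ignored.
function parseCookieHeader(header) {
  const jar = {};
  if (!header) return jar;
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name) jar[name] = decodeURIComponent(value);
  }
  return jar;
}

// Server-side lookup that honours the configured prefix. This works for an
// HttpOnly cookie because the server sees the raw Cookie header; the client
// (document.cookie, client-side useCookie) never does.
function accessTokenFromCookies(header, prefix = COOKIE_PREFIX) {
  return parseCookieHeader(header)[`${prefix}access_token`] ?? null;
}

// Headers for the proxied call to the backend API from a server route, so the
// bearer token stays out of client-side state such as a Pinia store.
function upstreamHeaders(cookieHeader, prefix = COOKIE_PREFIX) {
  const token = accessTokenFromCookies(cookieHeader, prefix);
  if (!token) throw new Error('not authenticated');
  return { Authorization: `Bearer ${token}` };
}

// Audit a Set-Cookie line as it leaves the server: the token cookie should be
// HttpOnly (unreadable by page scripts) and Secure (sent over HTTPS only).
function auditSetCookie(setCookie) {
  const attrs = setCookie.split(';').slice(1).map((a) => a.trim().toLowerCase());
  const sameSite = attrs.find((a) => a.startsWith('samesite='));
  return {
    httpOnly: attrs.includes('httponly'),
    secure: attrs.includes('secure'),
    sameSite: sameSite ? sameSite.slice('samesite='.length) : null,
  };
}

// Constructed sample request header; these are not real tokens.
const SAMPLE_COOKIE_HEADER = 'oidc.access_token=eyJ.sample.token; oidc.refresh_token=r-1';
```

In a Nuxt project the same logic sits in a server/api route and the page calls that route instead of the backend directly, so the cookie options from the module's defaults can stay as they are.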