Possibility to return JWT token via the headers

ajmyyra / ambassador-auth-oidc

OpenID Connect AuthService for Ambassador API Gateway

MIT License

88 stars 35 forks source link

Possibility to return JWT token via the headers #6

Closed sredbull closed 5 years ago

sredbull commented 5 years ago

Currently only tokens in a cookie are supported.

Will it be possible to:

Return the JWT token via the x-auth-token header (or better named header) after login.
Check JWT token if the x-auth-token is present.

Storing cookies to the users browsers seems unneeded in some use-cases.

ajmyyra commented 5 years ago

Sorry for not noticing this sooner! Cookies are certainly not always needed and this should be easily added. Let's see if I'll get it done over the weekend.

ajmyyra commented 5 years ago

@sredbull: Version 1.2 is now out with a possibility to access resources with X-Auth-Token header, removing the need to send cookie. During login, JWT is still only set as a cookie as the last step of authentication involves a redirect where we can't pass headers to the application. Your app can then fetch the JWT through document.cookie.