Version 1.2 adds the possibility to access protected resources by using the X-Auth-Token header in requests, without the cookie.
As last step in authentication is the redirect, it isn't possible to return JWT in response header including the cookie, but it can be fetched from document.cookie under the name "auth".
Version 1.2 adds the possibility to access protected resources by using the X-Auth-Token header in requests, without the cookie.
As last step in authentication is the redirect, it isn't possible to return JWT in response header including the cookie, but it can be fetched from
document.cookieunder the name "auth".