oauth: document the use of id_token cookie

authcrunch / authcrunch.github.io

Documentation for Caddy v2 Auth Portal and Authorize Plugins.

77 stars 32 forks source link

oauth: document the use of id_token cookie #28

Open greenpau opened 2 years ago

greenpau commented 2 years ago

The following directive enabled the adding of id_token token via a cookie. The cookie_name, e.g. `X-ID-Token", is optional.

oauth identity provider <name> {
  enable id_token cookie [<cookie_name>]
}

The cookie value could be retrieved together with the regular whoami payload by adding id_token=true URL param.

https://<auth_portal>/whoami?format=json&id_token=true

cdebadri commented 9 months ago

is it possible to add refresh_token as well in this manner?

greenpau commented 9 months ago

@cdebadri , refresh token?

cdebadri commented 9 months ago

Hi @greenpau , I'm using caddy-security for authentication with azure SSO. I understand this might not be the right place to ask about that. But I'm not getting the refresh_token as cookie post auth. Is there any setting which can be enabled to have refresh_token along with access_token?