AUTH WEB - convert session state to cookies to accommodate URL changes

[JohnamLane]

In order to prevent issues with our new URLs, AUTH WEB must be converted to use cookies vs session state.

Considerations:

• This will include the move from session state > cookies
• Must include an update to each BCROS application so they use cookies (discussion required)

[thorwolpert]

Should use the 2 default packages in the Vue ecosystem.

• https://vueuse.org/integrations/useCookies (Vue3 Apps)

• https://nuxt.com/docs/api/composables/use-cookie (Nuxt3 Apps)

• Drop localstorage

• Put refresh token in httpOnly Cookie

• Bearer token in memory

Bring in as part of our OIDC review.

[seeker25]

Patrick said we're not doing the cookie right now, he's going to rework namerequest so it doesn't rely on the session storage. Moving this out of the sprint, we can address this later.

We want to do this for nameRequest NR information.

Domain=.bcregistry.gov.bc.ca

This is what happens currently:

Would require changes in auth-web and namerequest

https://github.com/bcgov/sbc-auth https://github.com/bcgov/namerequest

[pwei1018]

~Patrick said we're not doing the cookie right now, he's going to rework namerequest so it doesn't rely on the session storage. Moving this out of the sprint, we can address this later.~

We want to do this for nameRequest NR information.

Domain=.bcregistry.gov.bc.ca

This is what happens currently:

Would require changes in auth-web and namerequest

https://github.com/bcgov/sbc-auth https://github.com/bcgov/namerequest

I rework the namerequest, namex api and auth api. So it doesn't rely on the session storage.

[seeker25]

Closing for now.