Allow JWT cookie to be httpOnly

flownative / flow-openidconnect-client

OpenID Connect Client SDK for Flow Framework

MIT License

6 stars 8 forks source link

Allow JWT cookie to be httpOnly #34

Closed bwaidelich closed 3 years ago

bwaidelich commented 3 years ago

Currently the SetJwtCookieMiddleware always creates cookies that are not httpOnly. This should be configurable (per service) for added security.