Open andrewalex opened 2 years ago
To add a little more security to my web applications I'd like to make my JWT's http only cookies. This is currently possible by setting https://hasura.io/docs/latest/auth/authentication/jwt/#header
However, doing so would break all the other apps (mobile apps) currently using Authorization Headers.
As described here, I'd like to be able to set an array of authentication options instead of a single object. https://hasura.io/docs/latest/auth/authentication/jwt/#header
header: [ {"type": "Authorization"} {"type": "Cookie", "name": "cookie_name"} ]
More amazingly would be to also allow {"type": "webhook", "url": "http://hasurarocks.io"} This would likely require additional refactoring
@andrewalex additional info (from your chat in Discord) would be super helpful for the team to contextualise this ask!
Is your proposal related to a problem?
To add a little more security to my web applications I'd like to make my JWT's http only cookies. This is currently possible by setting https://hasura.io/docs/latest/auth/authentication/jwt/#header
However, doing so would break all the other apps (mobile apps) currently using Authorization Headers.
Describe the solution you'd like
As described here, I'd like to be able to set an array of authentication options instead of a single object. https://hasura.io/docs/latest/auth/authentication/jwt/#header
header: [ {"type": "Authorization"} {"type": "Cookie", "name": "cookie_name"} ]
More amazingly would be to also allow {"type": "webhook", "url": "http://hasurarocks.io"} This would likely require additional refactoring
Describe alternatives you've considered