Hello,
I am requesting the developers of this repository to include the "refresh token" instead of the access token as an HTTP-only cookie (HttpOnly=true), along with sessionid (HttpOnly=true) and csrftoken (HttpOnly=false), in the response to the /dj-rest-auth/login/ (POST) endpoint.
The reason is that "refresh_token" is not included in the response data and is also not set as an HttpOnly cookie, which makes it difficult to get hold of the refresh token (from the Django server) when the access token expires.
Setting the refresh token as an HttpOnly cookie and the access token in the response data will help to access both tokens at the appropriate point in the code.
Please let me know your thoughts on this.
Thanks, A.
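
The token placement requested above, sketched with only Python's standard library (an added example, not dj-rest-auth code and not part of the original post). The cookie name `refresh_token`, the refresh route in `REFRESH_PATH`, the `Secure`/`SameSite` settings and all helper names are assumptions, and every token value is constructed.

```python
import json
from http.cookies import SimpleCookie

REFRESH_COOKIE = "refresh_token"               # assumed cookie name
REFRESH_PATH = "/dj-rest-auth/token/refresh/"  # assumed refresh route


def make_cookie(name, value, httponly, path="/"):
    """Build one Set-Cookie header value (hypothetical helper)."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["path"] = path
    morsel["secure"] = True      # only sent over HTTPS
    morsel["samesite"] = "Lax"   # assumed policy
    if httponly:
        morsel["httponly"] = True  # hidden from document.cookie
    return morsel.OutputString()


def login_response(access, refresh, session_id, csrf):
    """Return (set_cookie_values, json_body) for a successful login."""
    cookies = [
        make_cookie("sessionid", session_id, httponly=True),
        make_cookie("csrftoken", csrf, httponly=False),
        # Refresh token: HttpOnly and scoped to the refresh route only.
        make_cookie(REFRESH_COOKIE, refresh, httponly=True, path=REFRESH_PATH),
    ]
    # Access token travels in the body; the refresh token never does.
    return cookies, json.dumps({"access_token": access})


def script_visible(set_cookie_values):
    """Names a page script could read via document.cookie (no HttpOnly)."""
    names = []
    for raw in set_cookie_values:
        jar = SimpleCookie()
        jar.load(raw)
        names += [n for n, m in jar.items() if not m["httponly"]]
    return names


def refresh_from_request(cookie_header):
    """Server side: read the refresh token from a Cookie header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(REFRESH_COOKIE)
    return morsel.value if morsel else None
```

Because the browser attaches the refresh cookie automatically, the refresh endpoint should keep its CSRF check; scoping the cookie's `Path` to that endpoint keeps it off every other request.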