The current solution for storing tokens in cookies is a bit wonky.
I think it would be better to create two shortIds that are concatenated in the cookie when a user signs in. One key is used as the key for the KV storage and the second to AES-encrypt the JSON. This way there's no way to get access to any tokens just by having access to the KV storage.
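The scheme proposed above, as an added example that is not the project's code: the cookie carries a lookup id and an encryption key, and the KV store only ever holds ciphertext. Assumptions of this example: Node's `crypto` module, AES-256-GCM as the AES mode, CSPRNG bytes in place of shortIds, a `Map` standing in for the KV store, and the hypothetical names `createSession`, `readSession` and `kv`.

```javascript
// Added example, not the project's code. A Map stands in for the KV store.
const crypto = require('node:crypto');

const kv = new Map(); // hypothetical stand-in for the real KV namespace

// Sign-in: store the encrypted token JSON in KV, return the cookie value.
function createSession(tokens) {
  const kvId = crypto.randomBytes(16).toString('base64url'); // KV lookup key
  const encKey = crypto.randomBytes(32); // AES-256 key, never written to KV
  const iv = crypto.randomBytes(12);     // fresh GCM nonce per record
  const cipher = crypto.createCipheriv('aes-256-gcm', encKey, iv);
  cipher.setAAD(Buffer.from(kvId));      // bind the record to its KV key
  const body = Buffer.concat([cipher.update(JSON.stringify(tokens), 'utf8'), cipher.final()]);
  const record = Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64url');
  kv.set(kvId, record);
  return `${kvId}.${encKey.toString('base64url')}`; // "." is not in the base64url alphabet
}

// Request: split the cookie, fetch the record, decrypt. Returns null on any failure.
function readSession(cookie) {
  const parts = String(cookie).split('.');
  if (parts.length !== 2) return null;
  const [kvId, keyB64] = parts;
  const encKey = Buffer.from(keyB64, 'base64url');
  const stored = kv.get(kvId);
  if (!stored || encKey.length !== 32) return null;
  const raw = Buffer.from(stored, 'base64url');
  if (raw.length < 28) return null; // 12-byte IV + 16-byte auth tag
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', encKey, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(kvId));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null; // wrong key, tampered record, or record copied under another KV key
  }
}
```

Because the KV id is passed as additional authenticated data, a record copied under a different KV key fails authentication even when the correct encryption key is presented.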