mblackgeo / flask-cognito-lib

A Flask extension that supports protecting routes with AWS Cognito following OAuth 2.1 best practices
https://mblackgeo.github.io/flask-cognito-lib/
MIT License
57 stars, 15 forks

`secure=True` `set_cookie` option for the access token in `cognito_login_callback` may break testing in localhost #14

Closed Castdeath97 closed 3 weeks ago

Castdeath97 commented 1 year ago

This flag seems to cause the access token cookie to be ignored in some browsers:

Changing this line is probably a bad idea security-wise, so better just leave a note somewhere about this potential quirk in the README for people facing this issue during local testing purposes.
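An added example, not part of the issue and not flask-cognito-lib's own code: one way to keep `Secure` on by default and drop it only when a deployment-level development flag is set and the request host is a loopback address. The cookie name `cognito_access_token`, both function names and the `allow_insecure_loopback` parameter are assumptions made for this sketch.

```python
import ipaddress
from http.cookies import SimpleCookie


def is_loopback_host(host: str) -> bool:
    """True for localhost, *.localhost and loopback IP literals; any port is ignored."""
    host = host.strip().lower()
    if host.startswith("["):              # bracketed IPv6 literal, e.g. [::1]:5000
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:            # hostname:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                    # an ordinary DNS name
        return False


def access_token_cookie(token, max_age, request_host, allow_insecure_loopback=False):
    """Build the Set-Cookie value for the access token.

    allow_insecure_loopback must come from deployment configuration, never
    from the request. Even when it is on, Secure is dropped only for a
    loopback host, so a leaked development setting does not weaken the
    cookie on a real hostname.
    """
    secure = not (allow_insecure_loopback and is_loopback_host(request_host))
    cookie = SimpleCookie()
    cookie["cognito_access_token"] = token   # hypothetical cookie name
    morsel = cookie["cognito_access_token"]
    morsel["httponly"] = True
    morsel["samesite"] = "Lax"
    morsel["max-age"] = max_age
    morsel["path"] = "/"
    if secure:
        morsel["secure"] = True
    return morsel.OutputString()


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    print(access_token_cookie("header.payload.sig", 3600, "app.example.com"))
    print(access_token_cookie("header.payload.sig", 3600, "localhost:5000", True))
```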