mblackgeo / flask-cognito-lib

A Flask extension that supports protecting routes with AWS Cognito following OAuth 2.1 best practices
https://mblackgeo.github.io/flask-cognito-lib/
MIT License
59 stars 18 forks source link

`secure=True` `set_cookie` option for the access token in `cognito_login_callback` may break testing in localhost #14

Closed Castdeath97 closed 3 months ago

Castdeath97 commented 1 year ago

This flag seems to cause the access token cookie to be ignored in some browsers:

Changing this line is probably a bad idea security wise, so better just leave a note somewhere about this potential quirk in the README for people facing this issue during local testing purposes.