Introduced new feature - the httpOnly property is available inside of refreshToken for the OaAuth2 scheme. When this is enabled the refresh token if available, will be made into an httpOnly cookie. By default this is disabled as it is experimental.
This option is not available for the access_token for the time being, due to the complexity of the module.
Module Options
tokenValidationInterval - boolean | number - When set to true, the default interval is 1000ms otherwise you can set the interval manually in ms. This will periodically validate the access_token to check if it's expired, this is similar to the resestOnError/resetOnResponseError options, but this is done in an interval.
Changes & Additions
OAuth2
Introduced new feature - the
httpOnly
property is available inside ofrefreshToken
for the OaAuth2 scheme. When this is enabled the refresh token if available, will be made into an httpOnly cookie. By default this is disabled as it is experimental.This option is not available for the
access_token
for the time being, due to the complexity of the module.Module Options
tokenValidationInterval
-boolean | number
- When set to true, the default interval is 1000ms otherwise you can set the interval manually in ms. This will periodically validate theaccess_token
to check if it's expired, this is similar to theresestOnError/resetOnResponseError
options, but this is done in an interval.