search

parse-community / parse-server

Parse Server for Node.js / Express
https://parseplatform.org
Apache License 2.0
20.7k stars 4.76k forks source link

Allow the use of Cookies for authentication #9069

Open R3D347HR4Y opened 3 months ago

R3D347HR4Y commented 3 months ago

New Feature / Enhancement Checklist

Current Limitation

Due to using a SessionToken sent along with each request in the body of the request multiple problems arise: There is no way to operate an application over multiple domains and subdomains without requiring a constant relogging of the user It's impossible to differentiate between authenticated and unauthenticated requests in many CDNs edge functions and so some of the most efficient optimizations are nearly impossible to do (eg. : For every request to Parse Server of unauthenticated users cache the response for 5 min)

Feature / Enhancement Description

Allow for an easy modification of the parse client js sdk and parse server (although that part can easily be done using express.js) to allow users to pass the sessionToken as part of a cookie that could eventually be cross site

Example Use Case

My Application is an online portfolio platform, users are allowed to set a custom domain to it in order to make it theirs, but they should be able to retain authentication in order to send messages and edit their portfolio

Alternatives / Workarounds

Editing the server part in order to transform a cookie into a sessiontoken in the body although impractical is possible in express.js, but I have found no way to override the Rest controller on the Parse SDK JS, the only other way possible would be to implement all parse sdk js from scratch and use a custom axios but this is way too complex

3rd Party References

Mostly every major platform uses cookies for auth

parse-github-assistant[bot] commented 3 months ago

Thanks for opening this issue!