I would like to implement a custom strategy which sets a cookie on the response, but custom strategies do not appear to have access to the response object. Is there an appropriate way to do this?
My authentication is initially via google oauth2, with the id_token then validated using an internal authentication and authorisation service. That service provides me with a token to use to authenticate subsequent requests, and a refresh token to generate new tokens when that token expires.
The oauth2 strategy also doesn't allow me to set a cookie directly, so the route handler for the oauth callback route sets the cookie instead.
This a viable (if daft) workaround for the other routes that use the cookie/token auth strategy I want to implement - add another bit of middleware that just sets the cookie based on the extracted user.
I would like to implement a custom strategy which sets a cookie on the response, but custom strategies do not appear to have access to the response object. Is there an appropriate way to do this?
My authentication is initially via google oauth2, with the id_token then validated using an internal authentication and authorisation service. That service provides me with a token to use to authenticate subsequent requests, and a refresh token to generate new tokens when that token expires.
The oauth2 strategy also doesn't allow me to set a cookie directly, so the route handler for the oauth callback route sets the cookie instead.
This a viable (if daft) workaround for the other routes that use the cookie/token auth strategy I want to implement - add another bit of middleware that just sets the cookie based on the extracted user.
Is there a better way to manage this?