search

pow-auth / pow_assent

Multi-provider authentication for your Pow enabled app
https://powauth.com
MIT License
318 stars 50 forks source link

"Additional PowAssent config possible" mention in the docs #224

Closed FilipJakab closed 1 year ago

FilipJakab commented 1 year ago

Hello, just spent some time searching the code base for when and how is the auth session cookie created because we have a security requirement that this cookie needs to have secure and HttpOnly flags. Could you please add a mention in the docs that this can be configured like so:

@pow_options [
    otp_app: :hello_web,
    # ...
    pow_assent: [
      auth_session_cookie_opts: [
        secure: true,
        http_only: true
      ]
    ]
  ]

# ... 

plug Pow.Plug.Session, @pow_options

Thanks