Open jonthegeek opened 2 years ago
I think I'd want to pass it in a header. Probably still a good idea to encrypt these tokens, even in the cookies. Of course if the app decrypts them... That doesn't do anything useful, so maybe not?
The beginning of the login is the same regardless, with a "Sign in with Slack" button.
When they return from Slack with a code in the URL, ask if it's OK to set a cookie. If yes, set the cookie like we do now, and reload. If they say no, pass the token <in a secure way TBD, maybe just encoded in the URL or in the header?>
Show the cookie warning on the auth code version of the page. If they say no, put their token in the URL, and then parse it, I think? See what's recommended. Maybe set it with setenv and then load the ui? I'm not sure I can make that work.
Research token in query string first.