simov
commented
3 months ago No, Grant relies on session to persist state during the OAuth flow. But that is a login session only, it is not meant to be used as persistent session for your app. Depending on how you setup Grant the session won't contain any sensitive data, so even if you are using a cookie store it will be safe. After the login is complete you can destroy the session and delete the cookie if you want.
Thanks for the great lib. So, actually, the question is in the title. Is it possible to use grant without a cookie/session?