Closed wesley-monaro closed 1 year ago
Hi! Do you have some documentation from the provider on how this cookie scheme works? This is not part of the OAuth2 spec, and sounds potentially dangerous. We do try and cater to some non-standard options and parameters, but would like to get some more information and knowledge about potential risks with this first :slightly_smiling_face:
Closing this as inactive, feel free to comment further to have the issue re-opened.
Summary
Hey guys.
I'm not considering it as a bug, because it works fine for some providers. But, sometimes we need pass a credential cookie for custom providers, and by default, the fetch method not sends cookies on HTTP requests.
To resolve it, I just created a request interceptor for the fetch method, adding the property "credentials": "include" in the options object. I'm not sure if it can be added as a parameter on the context configurations, like "allowCookies" or something like that, to be flexible for the dev choose use it or no.
Basic Example
That's the created interceptor:
Drawbacks
Changing the property, you need explicitly the CORS configuration, like the code below.
Unresolved questions
No response
Implementation PR
No response
Reference Issues
No response