Store auth token in a cookie

yorkie-team / dashboard

Dashboard is an administrative tool that allows users to manage projects and documents with ease.

https://yorkie.dev/dashboard/

Apache License 2.0

26 stars 14 forks source link

Open hackerwins opened 2 years ago

hackerwins commented 2 years ago

Description:

Store auth token in a cookie.

We implemented the login in https://github.com/yorkie-team/yorkie-house/pull/31 but we store the auth token in localStorage.

Since localStorage can be referenced by JavaScript, storing the token in a cookie is recommended.

Let's store the auth token in a cookie.

Why:

chacha912 commented 1 year ago

There are additional considerations in this issue.

The current Dashboard network structure is as follows. (ref: https://github.com/yorkie-team/dashboard#how-dashboard-works)

The auth token is transmitted as a cookie from the gRPC server. At this point, set the httpOnly and secure options.
The gRPC-web client checks that the cookie is transmitted correctly.
After checking that the cookie is set in the browser, Change the login status in the homepage header.