zitadel / zitadel-go

ZITADEL Go - The official client library of ZITADEL for an easy integration into your Go project.
https://zitadel.com
Apache License 2.0

Add option to store token in cookie #337

Open comsma opened 6 months ago

comsma commented 6 months ago

I want to change the authentication package to allow the token returned from Zitadel to the callback to be stored directly in the cookie rather than associating it with a session id and storing the actual token in a session context.

My current issue with storing the token in a session is that the authentication session does not survive a server restart. This also produces a challenge when scaling the API horizontally, as other instances do not have access to that session ID. Another change I would be okay with is using a centralized database to store these session IDs with tokens. Perhaps an option when initializing the Authenticator that lets you pass a session store that matches the existing interface.
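
Added example, not part of this thread and not zitadel-go code: one way to keep the token in the cookie itself so it survives a restart and can be read by any instance, by sealing it with AES-GCM under a key that all instances share. The cookie name, the function names and the 3800-byte limit are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"net/http"
)

const cookieName = "auth_token" // hypothetical name, not from zitadel-go

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16- or 32-byte key shared by all instances
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealToken encrypts and authenticates the token; the nonce is prepended and the cookie name is bound in.
func sealToken(aead cipher.AEAD, token string) (*http.Cookie, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	val := base64.RawURLEncoding.EncodeToString(aead.Seal(nonce, nonce, []byte(token), []byte(cookieName)))
	if len(val) > 3800 { // browsers cap one cookie at roughly 4 KB
		return nil, fmt.Errorf("token too large for a cookie: %d bytes", len(val))
	}
	return &http.Cookie{Name: cookieName, Value: val, Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}, nil
}

// openToken verifies and decrypts a cookie value without server-side state.
func openToken(aead cipher.AEAD, value string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(value)
	if n := aead.NonceSize(); err == nil && len(raw) > n {
		pt, err := aead.Open(nil, raw[:n], raw[n:], []byte(cookieName))
		return string(pt), err
	}
	return "", fmt.Errorf("malformed cookie value")
}

func main() {
	aead, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key
	c, _ := sealToken(aead, "constructed-sample-token")
	fmt.Println(openToken(aead, c.Value))
}
```

A token sealed this way cannot be revoked server-side before it expires, and rotating the shared key invalidates every outstanding cookie.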

hifabienne commented 6 months ago

Thank you for sharing your idea. If there is a significant demand from customers/community, we will carefully consider implementing the feature. Currently, the issue will be added to our product backlog to collect feedback.

Meanwhile, if you're interested in implementing it yourself, we also welcome pull requests.

brianfeister commented 4 months ago

+1 on this. I'm building on a Go AWS Lambda API Gateway, so the horizontal scaling issue will be a problem for me as well!