Allow to emit the refresh token in the response body instead of a cookie

Follow-up on https://github.com/usefulteam/jwt-auth/issues/1#issuecomment-895468941

Goal
- Add an option or constant to emit the refresh token in the response body instead of a cookie.

Details
- For security reasons with regard to web/browser clients, #33 implemented the refresh token only as a cookie.
- In cases where no web (browser) apps are involved (e.g. only native apps), it would be secure to emit the refresh token as part of the token response body.

Notes
- I have no use-case for this myself, so I will probably not implement it myself. PRs are welcome though.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Allow to emit the refresh token in the response body instead of a cookie #59

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Uh oh!

Uh oh!

Allow to emit the refresh token in the response body instead of a cookie #59

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions