Extract JWT from Cookie #65

ismell · 2017-01-10T15:35:07Z

I would like to secure a webapp. It would be nice if the JWT access token could be stored in a cookie instead of requiring the Authorization HTTP header.

A configuration like JWT_COOKIE_NAME=AuthToken would configure the auth function to look at the cookie.

The text was updated successfully, but these errors were encountered:

tarekrached · 2017-02-27T17:05:27Z

+1 on this. Without it, I don't see how to secure static assets that are not accessed via XMLHttpRequest or fetch, where we don't have control of the request headers.

neurofoo · 2017-07-26T16:57:20Z

+1. recently run into the same issue as @tarekrached re: static pages

wstam88 · 2017-09-02T09:07:24Z

// if there is no auth header
if auth_header == nil then
        // check cookie for token
        if ngx.var.cookie_token ~= nil then
            token = ngx.var.cookie_token;
        elseif ngx.var.arg_token == nil then
            ngx.exit(ngx.HTTP_UNAUTHORIZED)
        else
            // also check voor token in query params (?token=...)
            token = ngx.var.arg_token;
        end
    else
        // use auth header if there
        token = auth_header;
    end

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Extract JWT from Cookie #65

Extract JWT from Cookie #65

ismell commented Jan 10, 2017

tarekrached commented Feb 27, 2017

neurofoo commented Jul 26, 2017

wstam88 commented Sep 2, 2017 •

edited

Loading

Extract JWT from Cookie #65

Extract JWT from Cookie #65

Comments

ismell commented Jan 10, 2017

tarekrached commented Feb 27, 2017

neurofoo commented Jul 26, 2017

wstam88 commented Sep 2, 2017 • edited Loading

wstam88 commented Sep 2, 2017 •

edited

Loading