Is Storing Access_Token in Server-Side Cookies a Best Practice for API Validation? #463
Comments
|
@zuko-firelord yes u can also validate it using session_token, but make sure that cookie is present. |
|
@lakhansamani i couldnt find any function in authorizer-go related to validating APIs using the session_token. could you let me know the name of the function? |
|
i want to raise a PR for an example of authorizer-nextjs15 with middleware functionality and implement the backend authorize API. im not good at frontend stuff, but i'll give it a shot. Where should I push my code? |
|
@zuko-firelord thanks |
ive raised a pr...please cross-check that logics are correct, did it very short amt of time...pardon me for ui |
? |
|
@zuko-firelord there is API However this needs cookie and token cannot be passed in request and will return new session for security reasons. |
I am using Next.js 15 for the frontend and a Go backend. While reviewing the example of authorizer-nextjs, I noticed that the access_token is stored in a server-side cookie that can be use for validating API requests in middleware.
Is this approach secure and recommended?
If I decide not to store the access_token on server-side cookie, can I validate API requests using a session_token instead?
The text was updated successfully, but these errors were encountered: