feat: Additional httpOnly token for enhanced security in browsers

2025-12-17 01:11:23 +03:00 · 2024-09-01 09:31:04 +02:00
parent d4043c9726
commit 50519f1bcd
18 changed files with 171 additions and 48 deletions
--- a/client/src/api/access-tokens.js
+++ b/client/src/api/access-tokens.js
@@ -1,15 +1,14 @@
 import http from './http';
-import socket from './socket';

 /* Actions */

-const createAccessToken = (data, headers) => http.post('/access-tokens', data, headers);
+const createAccessToken = (data, headers) =>
+  http.post('/access-tokens?withHttpOnlyToken=true', data, headers);

 const exchangeForAccessTokenUsingOidc = (data, headers) =>
-  http.post('/access-tokens/exchange-using-oidc', data, headers);
+  http.post('/access-tokens/exchange-using-oidc?withHttpOnlyToken=true', data, headers);

-const deleteCurrentAccessToken = (headers) =>
-  socket.delete('/access-tokens/me', undefined, headers);
+const deleteCurrentAccessToken = (headers) => http.delete('/access-tokens/me', undefined, headers);

 export default {
  createAccessToken,