va...@google.com <va...@google.com>
ku...@google.com <ku...@google.com> #2
Hello,
Thank you for reaching out to us!
I tried to reproduce this issue at my end. However, I am getting the intended behavior.
Please check the
Please let me know if that helped you with your use case and if there is anything else you would need assistance with.
Thank you
Description
Please describe your requested enhancement. Good feature requests will solve common problems or enable new use cases.
What you would like to accomplish:
I would like to be able to set that the JWT token is available in a Cookie, instead of Header or query parameter.
How this might work:
You tell API Gateway that the JWT token is available in a cookie with a specific name (or API Gateway specifies the name).
If applicable, reasons why alternative solutions are not sufficient:
We're setting up a fairly large SPA which will have a global load balancer in front of it. So the API gateway is used for browser traffic only. To send it in the headers we need to store the JWT in JavaScript, which is not recommended. If we don't store the JWT, the session is lost on things like "open in a new tab".
Other information (workarounds you have tried, documentation consulted, etc):
You can set a JWT in a JavaScript-accessible cookie, then store another session cookie with httpOnly sameSite=Strict and use API Gateway to validate the first one and validate the second one yourself. Not pretty, but it works. Kind of :)
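
One way to wire up the two-cookie workaround described above, as an added example that is not part of the original request and not API Gateway code. The cookie names `jwt` and `sid` and the HMAC binding between the two cookies are assumptions; the request only says the second cookie is validated by your own backend.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Assumed names for this example; the request does not name the cookies.
JWT_COOKIE = "jwt"      # readable by the SPA, which copies it into the header
SESSION_COOKIE = "sid"  # HttpOnly, never visible to JavaScript


def _binding(jwt_token: str, key: bytes) -> str:
    """HMAC-SHA256 of the JWT: ties the HttpOnly cookie to this exact token."""
    return hmac.new(key, jwt_token.encode(), hashlib.sha256).hexdigest()


def issue_cookies(jwt_token: str, key: bytes) -> list:
    """Return the two Set-Cookie header values sent after login."""
    c = SimpleCookie()
    c[JWT_COOKIE] = jwt_token
    c[SESSION_COOKIE] = _binding(jwt_token, key)
    c[SESSION_COOKIE]["httponly"] = True  # only the session cookie is hidden
    for name in (JWT_COOKIE, SESSION_COOKIE):
        c[name]["secure"] = True
        c[name]["samesite"] = "Strict"
        c[name]["path"] = "/"
    return [morsel.OutputString() for morsel in c.values()]


def session_matches(cookie_header: str, presented_jwt: str, key: bytes) -> bool:
    """Backend check, run after the gateway has accepted presented_jwt."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    sid = jar.get(SESSION_COOKIE)
    if sid is None:
        return False  # token presented without the HttpOnly cookie
    expected = _binding(presented_jwt, key).encode()
    return hmac.compare_digest(sid.value.encode(), expected)


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-secret"  # constructed sample value
    token = "aaa.bbb.ccc"                       # constructed stand-in for a JWT
    set_cookies = issue_cookies(token, key)
    print(*set_cookies, sep="\n")
    header = "; ".join(v.split(";")[0] for v in set_cookies)
    print(session_matches(header, token, key))          # same token
    print(session_matches(header, "xxx.yyy.zzz", key))  # different token
```

With this binding, a JWT read out of the JavaScript-accessible cookie is rejected by the backend when it arrives without the matching HttpOnly cookie, which the browser only attaches to same-site requests.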