Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is Storing Access_Token in Server-Side Cookies a Best Practice for API Validation? #463

Open
zuko-firelord opened this issue Dec 22, 2024 · 0 comments
Open

Is Storing Access_Token in Server-Side Cookies a Best Practice for API Validation? #463

zuko-firelord opened this issue Dec 22, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@zuko-firelord
Copy link

zuko-firelord commented Dec 22, 2024
edited
Loading

I am using Next.js 15 for the frontend and a Go backend. While reviewing the example of authorizer-nextjs, I noticed that the access_token is stored in a server-side cookie that can be use for validating API requests in middleware.
image

Is this approach secure and recommended?
If I decide not to store the access_token on server-side cookie, can I validate API requests using a session_token instead?
@zuko-firelord zuko-firelord added the bug Something isn't working label Dec 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zuko-firelord