After lot of head banging and lot of waste of time, I have learned that if I use curl to test storing of token into cookie as shown on flask_jwt_extended website
the cookie does not get set but if I use the RESTClient in the browser the cookie does get set.
I tried this curl: curl -H "Content-Type: application/json" -X POST -d '{"username":"test","password":"test"}' http://localhost:5000/token/auth
Using flash_jwt_extended example, if you set verbose mode -v you can see that cookie are set :
* upload completely sent off: 37 out of 37 bytes
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Content-Type: application/json
< Content-Length: 15
< Set-Cookie: access_token_cookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIwZjM4Zjg5NC1hNzRmLTQ5NTMtODYwOC1mOTdmNzhmNDIyMWMiLCJleHAiOjE1NDA2MDA4MDEsImZyZXNoIjpmYWxzZSwiaWF0IjoxNTQwNTk5OTAxLCJ0eXBlIjoiYWNjZXNzIiwibmJmIjoxNTQwNTk5OTAxLCJpZGVudGl0eSI6InRlc3QifQ.D-ZGU2Bglb0N1h02yTeV3NBuWjlx7FB0UNG5mkukrHA; HttpOnly; Path=/api/
< Set-Cookie: refresh_token_cookie=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJkYTcyZjcyYS00MTU2LTRlYWYtOWEwZC03ODZjMTQ3ZWZjZTUiLCJleHAiOjE1NDMxOTE5MDEsImlhdCI6MTU0MDU5OTkwMSwidHlwZSI6InJlZnJlc2giLCJuYmYiOjE1NDA1OTk5MDEsImlkZW50aXR5IjoidGVzdCJ9.Lhla3ZwhY4vHgOFhmjBxPKnEmi1uoh-WXIwTWj_ibwI; HttpOnly; Path=/token/refresh
< Server: Werkzeug/0.14.1 Python/2.7.13
< Date: Sat, 27 Oct 2018 00:25:01 GMT
<
{"login":true}
* Closing connection 0
If you want to persist cookie between multiple curl command use -c cookie.txt to store cookie in a file cookie.txt and in your other curl command use -b cookie.txt to load them :
curl -H "Content-Type: application/json" \
-d '{"username":"test","password":"test"}' \
"http://localhost:5000/token/auth" -c cookie.txt
curl "http://localhost:5000/api/example" -b cookie.txt
