
Here is my WebAPI configuration:

services.AddAuthentication("Bearer")
    .AddIdentityServerAuthentication("Bearer", options =>
    {
        options.Authority = "https://localhost:44305/";
        options.ApiName = "ApiOne";
        options.ApiSecret = "secret1";
    });

Here is how it's used from JavaScript (with oidc-client):

var config = {
    userStore: new Oidc.WebStorageStateStore({ store: window.localStorage }),
    authority: "https://localhost:44305/",
    client_id: "client_id_js",
    redirect_uri: "https://localhost:44345/Home/SignIn",
    post_logout_redirect_uri: "https://localhost:44345/Home/Index",
    response_type: "id_token token",
    scope: "openid rc.scope ApiOne ApiTwo"
};

var userManager = new Oidc.UserManager(config);

userManager.getUser().then(user => {
    console.log("user:", user);
    if (user) {
        axios.defaults.headers.common["Authorization"] = "Bearer " + user.access_token;
    }
});

How can I modify this to pass the access token in cookies, if it's possible at all?

Vlad
  • I don't know whether we have an out-of-the-box solution or not. But we achieved it as follows. Every time a token gets acquired by a client, it makes an API call to set the token in a cookie, and every subsequent call will take the cookie along with it. – hashbytes Mar 22 '21 at 17:28
  • @hashbytes thanks, but how to make IS recognize those cookies as tokens? – Vlad Mar 23 '21 at 07:22
  • Identity server considers Cookie and ID token, but the client API will care about access token which can come from header or cookie. – hashbytes Mar 23 '21 at 17:59
  • @hashbytes I don't understand how exactly I should set up IS to handle a token inside cookies. What should the cookie name be? I don't think it will try to parse normal ASP authentication cookies as a token. – Vlad Mar 24 '21 at 06:41
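
The approach described in the comments, as an added example (not code from the post or from the IdentityServer project): the API keeps its `Bearer` handler but falls back to a cookie when no `Authorization` header is present, and one endpoint copies an already validated token into that cookie. The cookie name `api_access_token`, the `session` route and the class names are assumptions; `TokenRetriever` and `TokenRetrieval` are the hooks provided by IdentityServer4.AccessTokenValidation and IdentityModel.AspNetCore.OAuth2Introspection.

```csharp
using IdentityModel.AspNetCore.OAuth2Introspection; // TokenRetrieval
using IdentityServer4.AccessTokenValidation;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public static class CookieTokenSetup
{
    public const string TokenCookie = "api_access_token"; // hypothetical name

    public static void AddApiAuthentication(IServiceCollection services)
    {
        var fromHeader = TokenRetrieval.FromAuthorizationHeader();
        services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication("Bearer", options =>
            {
                options.Authority = "https://localhost:44305/";
                options.ApiName = "ApiOne";
                options.ApiSecret = "secret1";
                // Header first, cookie second; the handler validates either one.
                options.TokenRetriever = request =>
                {
                    var token = fromHeader(request);
                    if (!string.IsNullOrEmpty(token)) return token;
                    return request.Cookies.TryGetValue(TokenCookie, out var c) ? c : null;
                };
            });
    }
}

[ApiController]
[Route("session")] // hypothetical route
public class SessionController : ControllerBase
{
    // Called once with the Authorization header; [Authorize] means the
    // token was validated before it is written to the cookie.
    [Authorize]
    [HttpPost]
    public IActionResult Post()
    {
        var token = TokenRetrieval.FromAuthorizationHeader()(Request);
        if (string.IsNullOrEmpty(token)) return BadRequest();
        Response.Cookies.Append(CookieTokenSetup.TokenCookie, token, new CookieOptions
            { HttpOnly = true, Secure = true, SameSite = SameSiteMode.Strict, Path = "/" });
        return NoContent();
    }
}
```

Once the token travels in a cookie the browser attaches it automatically, so state-changing endpoints need CSRF protection in addition to `SameSite`. If the API is on a different origin from the page, axios must send `withCredentials: true` and the API's CORS policy must allow credentials for that origin.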

0 Answers