FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. nearat
    N
    • Profile
    • Following 0
    • Followers 0
    • Topics 1
    • Posts 1
    • Best 1
    • Controversial 0
    • Groups 0

    nearat

    @nearat

    1
    Reputation
    2
    Profile views
    1
    Posts
    0
    Followers
    0
    Following
    Joined Last Online
    nearat Unfollow Follow

    Best posts made by nearat

    • Why does the registration endpoint not set HTTPOnly Cookies with Refresh Token like the Login Endpoint?

      I've noticed that for the registration endpoint when I try to create a user and registration https://fusionauth.io/docs/v1/tech/apis/registrations#create-a-user-and-registration-combined It returns the access and refresh token but they are not set as HTTPOnly cookies. Whereas when I login https://fusionauth.io/docs/v1/tech/apis/login#authenticate-a-user or using identity provider https://fusionauth.io/docs/v1/tech/apis/identity-providers/google#complete-the-google-login I get both the access and refresh token set as HTTPOnly cookies. So why does registration not have this? I want to be able to set my refresh token in a http only cookie after the user registers. In this case, would I need to make another request to the login end point right after registration to set a HTTPOnly cookie with the token? If that is the case, why am i getting the access and refresh token back from the registration call in the first place? Any insight will be greatly appreciated. Thanks!

      posted in Q&A
      N
      nearat

    Latest posts made by nearat

    • Why does the registration endpoint not set HTTPOnly Cookies with Refresh Token like the Login Endpoint?

      I've noticed that for the registration endpoint when I try to create a user and registration https://fusionauth.io/docs/v1/tech/apis/registrations#create-a-user-and-registration-combined It returns the access and refresh token but they are not set as HTTPOnly cookies. Whereas when I login https://fusionauth.io/docs/v1/tech/apis/login#authenticate-a-user or using identity provider https://fusionauth.io/docs/v1/tech/apis/identity-providers/google#complete-the-google-login I get both the access and refresh token set as HTTPOnly cookies. So why does registration not have this? I want to be able to set my refresh token in a http only cookie after the user registers. In this case, would I need to make another request to the login end point right after registration to set a HTTPOnly cookie with the token? If that is the case, why am i getting the access and refresh token back from the registration call in the first place? Any insight will be greatly appreciated. Thanks!

      posted in Q&A
      N
      nearat