[keycloak-user] Understanding access token storage
Matteo Restelli
mrestelli at cuebiq.com
Tue Apr 30 07:06:01 EDT 2019
Hi all,
As far as I know, the best practice for a Single Page Application is to
have the access token stored inside an HttpOnly Cookie. This means that the
token endpoint must return tokens into a cookie provided with the response.
Am I right? If yes, how can I achieve this behaviour?
Thank you very much,
Matteo