-
|
Hey there! I'm trying to build a small thing and integrate your auth plugin for the first time, so I might just be missing something here, but I can't seem to access a protected path using Postman with the token cookies. I'm able to login and receive two cookies, one with a JWT and one with a XSRF-TOKEN, both populated, but when I try to use there cookies (happens automatically) in Postman while sending a request to a path protected with Any ideas why this might be happening? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
It is hard to tell what is missing in your case or if the postman does something unexpected. The best way to figure is to debug milldeware.Auth function and see what it gets |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the idea, I did that and I found out that the Cookie is being filtered for the JWT token name, therefore the XSRF token was not being collected and the issue was that that token was not found, hence 400 Unauthorized. I disabled XSRF via auth options and now everything works fine. |
Beta Was this translation helpful? Give feedback.
-
|
I'm not entirely sure of the application or service for which you're using this library, but disabling XSRF could expose your system to CSRF (Cross-Site Request Forgery) attacks. I assume you're developing a web application. In this context, your frontend should respond by sending back the XSRF header. The option to disable XSRF is typically used for service-to-service authentication, a scenario in which CSRF doesn't present an issue. |
Beta Was this translation helpful? Give feedback.
It is hard to tell what is missing in your case or if the postman does something unexpected. The best way to figure is to debug milldeware.Auth function and see what it gets