Thanks for the article, I like the approach. I was wondering what your thoughts are on JWT auth with serverless, or mixing OAuth and JWT to get around rate limiting etc. and avoid cookies?
Hi @Gregory, I'm glad you like the article.
Cookies are being used only as a mechanism to execute the OAuth flow successfully. It's a built-in feature in browsers and it's a well-understood concept. Depending on the cookie configuration you set on your end, you can expire the session after you receive the access tokens.
As for JWT tokens, once you receive back the credentials from the OAuth flow, you can generate a JWT and return that to the user.
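The step described in the reply above, as an added example that is not part of the original comment or the article: after the OAuth callback, mint a short-lived HS256 JWT for the user and verify it on later requests. The signing key, the `example-app` issuer, the 15-minute lifetime and the shape of the OAuth result are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # assumption: load from a secret store in practice
TTL_SECONDS = 900  # assumption: short lifetime, a stateless JWT has no session to delete
# Constructed sample of what an OAuth callback might hand back (hypothetical shape).
SAMPLE_OAUTH_RESULT = {"user_id": "user-12345", "access_token": "constructed-provider-token"}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()

def issue_jwt(oauth_result, now=None):
    """Mint an HS256 JWT from the OAuth result once the flow has completed."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    # Identity claims only: the payload is readable by anyone holding the token,
    # so the provider's access token stays on the server.
    claims = {"sub": oauth_result["user_id"], "iss": "example-app",
              "iat": now, "exp": now + TTL_SECONDS}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    return signing_input + "." + b64url(sign(signing_input))

def verify_jwt(token, now=None):
    """Return the claims if algorithm, signature and expiry check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token's header choose it.
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the recomputed signature.
        if not hmac.compare_digest(sign(head + "." + body), b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
        if claims["exp"] <= now:
            return None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    return claims
```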