No, your apps can be on different domains, and this would still work. I can't know for sure what went wrong in your case. Maybe the httponly cookie isn't set in the first place, or you're sending the request without the cookie. Until I see the errors or some code, I can't know what's wrong.
No, your apps can be on different domains, and this would still work. I can't know for sure what went wrong in your case. Maybe the
httponly
cookie isn't set in the first place, or you're sending the request without the cookie. Until I see the errors or some code, I can't know what's wrong.Was there a solution to this issue? I'm currently having the exact error when refresh token is called.
Update:
I ran this in the login after grantPasswordToken function:
Log::notice(cookie('refresh_token'));
and here is the response:
refresh_token=deleted; expires=Mon, 28-Oct-2019 22:11:22 GMT; Max-Age=0; path=/; httponly