Modify POST /api/auth/login to Return Both Tokens #31

Closed
opened 2025-10-17 23:25:40 +00:00 by Rodrigo2003-PT · 0 comments
Rodrigo2003-PT commented 2025-10-17 23:25:40 +00:00 (Migrated from github.com)

The login endpoint must be updated to provide both the access and refresh tokens.

Tasks:

  • On successful login, call both token_service.generate_token and the new generate_refresh_token function.
  • Return both the access_token and refresh_token in the 200 OK response.
  • Consider returning the refresh_token as an HttpOnly, Secure, SameSite=Strict cookie to mitigate XSS attacks.
The login endpoint must be updated to provide both the access and refresh tokens. Tasks: - On successful login, call both `token_service.generate_token` and the new `generate_refresh_token` function. - Return both the `access_token` and `refresh_token` in the `200 OK` response. - Consider returning the `refresh_token` as an `HttpOnly`, `Secure`, `SameSite=Strict` cookie to mitigate XSS attacks.
Sign in to join this conversation.
No description provided.