Authorization token in cookie

Hi Team,

I am getting a bearer token in an httpOnly cookie from a single-page application and want to validate it on the Apigee side. This bearer token will also have data related to permissions.

1. How can I extract the bearer token from the cookie in Apigee?

2. Is it good practice to fetch the token from a cookie? I want to store this token locally, so I want to keep it in a cookie only.

Help me out

@anilsagar, I need your suggestions, please help me out. Thanks in advance.

 

1 REPLY

> I am getting a bearer token in httpOnly cookie from Single page application and want to validate it at Apigee side.

You can use the ExtractVariables policy to extract things out of a Header, like "Cookie". Check the documentation for how to use it. In the policy configuration, you can specify the source variable as request.header.cookie. If you show what the cookie looks like, someone (maybe me) might be able to make a detailed specific suggestion for the configuration of the policy.

> Is this good practice to fetch token from cookie? I want to store this token locally so I want to keep it in cookie only.

For SPA, sure, that's an easy way to do it. The OAuth model recommends that tokens should be sent in the Authorization header, not in a Cookie. But for SPA it may be that the cookie is a nicer, easier way to manage and transmit the token.
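
The extraction step discussed above, as an added example that is not part of the original thread: it uses an Apigee JavaScript policy rather than the ExtractVariables policy the reply suggests, reading the same `request.header.cookie` variable. The cookie name `access_token`, the length cap, the `cookie.*` flow variable names, and the assumption that the cookie value is the raw token with no `Bearer ` prefix are all hypothetical, since the thread does not show the cookie.

```javascript
// Added example (not from the thread). ES5 style so it also runs in an Apigee
// JavaScript policy. The cookie name and the 4096-character cap are assumptions.
var TOKEN_COOKIE = 'access_token';
var MAX_TOKEN_LEN = 4096;
// RFC 6750 b64token alphabet: rejects whitespace, quotes, control characters.
var B64TOKEN = /^[A-Za-z0-9\-._~+\/]+=*$/;

function extractBearerFromCookie(cookieHeader, cookieName) {
  if (typeof cookieHeader !== 'string' || cookieHeader === '') {
    return { ok: false, reason: 'no_cookie_header' };
  }
  var matches = [];
  var pairs = cookieHeader.split(';');
  for (var i = 0; i < pairs.length; i++) {
    var eq = pairs[i].indexOf('=');
    if (eq < 0) continue;
    // Exact name match, so "xaccess_token" is never mistaken for the token cookie.
    if (pairs[i].slice(0, eq).trim() !== cookieName) continue;
    var value = pairs[i].slice(eq + 1).trim();
    if (value.length >= 2 && value.charAt(0) === '"' &&
        value.charAt(value.length - 1) === '"') {
      value = value.slice(1, -1); // cookie values may be double-quoted
    }
    matches.push(value);
  }
  if (matches.length === 0) return { ok: false, reason: 'cookie_missing' };
  // Two cookies with the same name are ambiguous: refuse instead of guessing.
  if (matches.length > 1) return { ok: false, reason: 'duplicate_cookie' };
  if (matches[0].length > MAX_TOKEN_LEN || !B64TOKEN.test(matches[0])) {
    return { ok: false, reason: 'malformed_token' };
  }
  return { ok: true, token: matches[0] };
}

// Inside Apigee, `context` is supplied by the JavaScript policy runtime.
if (typeof context !== 'undefined') {
  var result = extractBearerFromCookie(
    context.getVariable('request.header.cookie'), TOKEN_COOKIE);
  // Flow variable names below are hypothetical; a later policy validates the token.
  context.setVariable('cookie.bearer_ok', result.ok);
  if (result.ok) context.setVariable('cookie.bearer_token', result.token);
}
```

The function only extracts and shape-checks the value; signature, expiry and permission checks still belong to whichever policy validates the token afterwards.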