Level 88
What you want is not possible. However you can always retrieve the value from the cookie and put that in the header right? Or am I missing something?
Feb 5, 2018
3
Level 1
API authentication by using "secure cookie attribute" instead of "Header's Authorisation".
By using Passport currently we authenticate the REST API from the "Authorisation attribute in the header which is in the incoming request", is there any other way that to authenticate the REST API from the "cookie attribute" ?
Means, I want to authenticate the API request where "Bearer-Access-Token" is in the "cookie attribute" instead of "Authorisation attribute".
is this possible ?
Level 1
@bobbybouwmann , Actually i want to authenticate the API Request in which "access-token" exists in the "header's cookie", not in "header's Authorization".
Actually passport's middleware ( auth:api ) automatically detects the access-token from the "Header's Authorization" and authenticates the user. But i want that - access-token should be detectable from the "Header's Cookie" instead of "Header's Authorization".
is this possible by using this : https://laravel.com/docs/5.5/authentication#adding-custom-guards ?
Level 1
@nishantsoni2807 did you found a solution? I would also like to use httpOnly cookie to set Bearer token. This way, it will be more secure.
Please or to participate in this conversation.