Is the JWT Module able to automatically parse tokens sent via cookies?

Search Guard
1

Hi,

I am still experimenting with the JWT module and was wondering if it can parse/read a token that is sent back by an authentication server stored in a cookie?

I stumbled into this blog posts where the author is talking about storing JWTs in Cookie Storage or SessionStorage. (https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage)

···

JWT Cookie Storage
Exchanging a username and password for a JWT to store it in a cookie is simple as well. The response would use the Set-Cookie HTTP header:

1

2

3

4

HTTP/1.1 200 OK

Set-Cookie: access_token=eyJhbGciOiJIUzI1NiIsI.eyJpc3MiOiJodHRwczotcGxlL.mFrs3Zo8eaSNcxiNfvRh9dqKP4F1cB; Secure; HttpOnly;

2

No, that is not possible unfortunately since Elasticsearch itself does not have any notion of cookies.

···

On Wednesday, May 9, 2018 at 5:26:49 PM UTC+2, .mni wrote:

Hi,

I am still experimenting with the JWT module and was wondering if it can parse/read a token that is sent back by an authentication server stored in a cookie?

I stumbled into this blog posts where the author is talking about storing JWTs in Cookie Storage or SessionStorage. (https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage)

JWT Cookie Storage
Exchanging a username and password for a JWT to store it in a cookie is simple as well. The response would use the Set-Cookie HTTP header:

1

2

3

4

HTTP/1.1 200 OK

Set-Cookie: access_token=eyJhbGciOiJIUzI1NiIsI.eyJpc3MiOiJodHRwczotcGxlL.mFrs3Zo8eaSNcxiNfvRh9dqKP4F1cB; Secure; HttpOnly;