Isn't the cookie posing security risks if storing the access token? Which is why my train of thought was to store the 'access token' in the app itself by way of a data store and store the refresh token in the cookie with appropriate config so that on reload the SPA can use the refresh token to request for another 'access token' to avoid re-login for the user.
Distraction-free reading. No ads.
Organize your knowledge with lists and highlights.
Tell your story. Find your audience.
Read member-only stories
Support writers you read most
Earn money for your writing
Listen to audio narrations
Read offline with the Medium app
Technology evangelist engineering solutions on weekdays and exploring life on the weekends. The joy of life lies in the gray zone.
