
allow modifying cookie settings #26


Status: Open (2 commits to merge into base: main)

@ovalek commented Jun 17, 2024

Allow modifying cookie settings by passing a closure with CookieBuilder to cookie_adjust in the TokenSigner builder.

As mentioned in #24, we could change cookie settings when creating the initial access_token or refresh_token, but we couldn't easily change the access_token when it is refreshed. This PR allows adjusting cookie settings (e.g. Path) as follows using cookie_adjust():

TokenSigner::new()
    .signing_key(key.clone())
    .algorithm(Hs256)
    .cookie_adjust(|builder: CookieBuilder| builder.path("/"))
    .build()
    .expect("Error: Could not create a TokenSigner")

@michaelvanstraten (Owner)

Would passing an initial CookieBuilder also be fine with you? I think it should offer the same level of flexibility with a bit less exposure in the interface. Please speak out if you have a use case where a function is required; it could be that I don't see the full picture here.

@ovalek (Author) commented Jun 28, 2024

As long as I can set path, http_only and same_site parameters for the refreshed access_token I'm fine with it. I added a new commit that adds a bare CookieBuilder as a parameter. The Cookie::build method requires name and value, which have to be overridden. The builder doesn't have methods to set name/value, so I set these on the final Cookie.

@MihaelBercic

Any news on this?

@ovalek (Author) commented Jun 11, 2025

@MihaelBercic For now I use my forked version, since I don't see any other way to configure path and other parameters consistently (not just when creating the initial cookie but also when refreshing).
So until it is merged or another way to configure the cookie settings is provided, I just use this in my Cargo.toml:

actix-jwt-auth-middleware = { git = "https://github.com/ovalek/actix-jwt-auth-middleware.git" }

And create the token signer with cookie_builder() like this:

TokenSigner::new()
    .signing_key(key.clone())
    .algorithm(Hs256)
    .refresh_token_lifetime(Duration::from_secs(2*168*60*60))
    .cookie_builder(Cookie::build("", "").secure(true).path("/").http_only(true).same_site(SameSite::Strict))
    .build()
    .expect("Error: Could not create a TokenSigner"),

@MihaelBercic

@ovalek thank you very much! I wasn't aware you're actively using it so I've forked it just in case. I appreciate the fix very much, thank you!
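
A check for the concern raised in this thread, that the refreshed access_token cookie should carry the same Path, Secure, HttpOnly and SameSite settings as the initial one. This is an added example, not code from the PR or from actix-jwt-auth-middleware; the function names and the sample Set-Cookie values are constructed for illustration, and only the Rust standard library is used.

```rust
use std::collections::BTreeMap;

/// Name and attributes of one Set-Cookie header value.
/// Attribute names are lowercased; flag attributes map to "".
struct CookieAttrs {
    name: String,
    attrs: BTreeMap<String, String>,
}

fn parse_set_cookie(header: &str) -> Option<CookieAttrs> {
    let mut parts = header.split(';');
    // First segment is "name=value"; the token value itself is not compared.
    let (name, _value) = parts.next()?.trim().split_once('=')?;
    let mut attrs = BTreeMap::new();
    for part in parts.map(str::trim).filter(|p| !p.is_empty()) {
        let (k, v) = part.split_once('=').unwrap_or((part, ""));
        let k = k.trim().to_ascii_lowercase();
        // SameSite values are case-insensitive; Path values are not.
        let v = if k == "samesite" { v.trim().to_ascii_lowercase() } else { v.trim().to_string() };
        attrs.insert(k, v);
    }
    Some(CookieAttrs { name: name.trim().to_string(), attrs })
}

/// Attributes that should be identical on the initial and the refreshed cookie.
const CHECKED: [&str; 4] = ["path", "secure", "httponly", "samesite"];

/// Returns the checked attributes on which `refreshed` differs from `initial`,
/// or None if a header is malformed or the cookie names differ.
fn attribute_drift(initial: &str, refreshed: &str) -> Option<Vec<&'static str>> {
    let a = parse_set_cookie(initial)?;
    let b = parse_set_cookie(refreshed)?;
    if a.name != b.name {
        return None;
    }
    Some(CHECKED.iter().copied().filter(|k| a.attrs.get(*k) != b.attrs.get(*k)).collect())
}

fn main() {
    // Constructed sample headers, not captured from the middleware.
    let initial = "access_token=aaa.bbb.ccc; HttpOnly; SameSite=Strict; Secure; Path=/";
    let refreshed = "access_token=ddd.eee.fff; Secure";
    match attribute_drift(initial, refreshed) {
        Some(d) if d.is_empty() => println!("refreshed cookie matches initial settings"),
        Some(d) => println!("refreshed cookie differs in: {}", d.join(", ")),
        None => println!("headers malformed or cookie names differ"),
    }
}
```

Fed the Set-Cookie values from a login response and a later refresh response in an integration test, an empty result confirms that the configured settings survive the refresh.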
