Custom Auth Refresh Flow

Feature Requests
1

Refresh Auth Workflow in custom auth does not send along cookies from the original request in the regular auth workflow.

We're using a custom passwordless workflow, and here's how our authentication works:

  1. User requests to login with a phone number
  2. Server generates code and send to user
  3. User enters code and submits to server
  4. Server authenticates and returns an accessToken in the response and sets a refreshToken http-only cookie

Problem: This refreshToken cookie is not being sent to the server on the refresh auth workflow, but exists in every other request, including the Auth Trigger request.

Is there any documentation or help surrounding this? I've been unable to find any way to make this work, and having to login periodically is very frustrating

2

I am also having this problem. Can't figure out how to forward cookie on refresh workflow

3

@isacmms

Hey there :wave: This workflow functionality unfortunately has not been implemented on our side and will not currently work. I am sorry for the bad news there! I will move this over to our feature requests :slightly_smiling_face:

4

Thanks for your response. I would like to enrich the feature request by stressing the importance of having a refresh token feature using secure http only cookies. Due to cloud horizontal auto scaling feature, stateless services are the most straight forward/simple/fast/cheap way to go. And despite having some ways to achieve the desired result using stateless authentication, http only cookies for refresh token is widely used when integrating third party auth services like Firebase and Auth0, which are extremely cheap compared to services like Okta and more flexible compared to services like Cognito