How to use verify_jwt_token with token in httpOnly cookie?

[Bouni]

Hi,

I want to use httpOnly cookies for storing the token, which works already as expected, but the verify_jwt_token view expects the token being sent as payload in the body!?

Is there a way to verify a token passed as httpOnly cookie?

[robrap]

Not sure if this will help you or not. We decided to split our token across two cookies to make the signature HttpOnly. You can read more about our decision here: https://github.com/edx/edx-platform/blob/master/openedx/core/djangoapps/oauth_dispatch/docs/decisions/0009-jwt-in-session-cookie.rst. We used Django middleware to take our two cookies and create the expected cookie on the backend.