Access token in the response API and refresh token in a cookie

[jaribu]

Hello,

My backend server for authentification return an access token in the response API and refresh token in a HTTP Only cookie.
Is this case covered or is it mandatory to have the refresh token in the API response?

[AmelieChevalier]

Hello, I have the same case and it's ok to have the refresh_token in cookie : you just have to set { withCredentials : true } in your post request to refresh the token. Cookies will be passed automatically.
Works for me !