undefined | Better HN

0 pointsGoblinSlayer4y ago0 comments

You know that the opened token is linked to the initial client session. You can unblock that session and the user can proceed in the non-isolated browser. You have this workflow with codes anyway: the user must open an email then go back to the browser and type in the code. With the link you will save on the typing.

0 comments

mojuba4y ago

Interesting! (I searched, even asked on SO, couldn't find any solution for this). So to elaborate: I first store a nonce in cookies as a login session token. Once the code is validated somehow, I unblock it on the backend, and on a first chance also set my main JWT cookie if not yet set. Excellent, that solves it!

P.S. Unless there are some security implications - need to think about it a bit more. Thanks!

j / k navigate · click thread line to collapse

0 pointsGoblinSlayer4y ago0 comments

0 comments

mojuba4y ago

P.S. Unless there are some security implications - need to think about it a bit more. Thanks!

j / k navigate · click thread line to collapse