Options for storing Zitadel's Session API token
Hi, as far as I know, the best option for storing a token is an httpOnly cookie, set by the backend. I was trying to figure out how I could do that using Zitadel, but couldn't really find a fully satisfying option, so here are the options I'm seeing:
1) have access to a Zitadel API method that would allow the session token to be set as an httpOnly cookie (couldn't find it)
2) use the instance of Zitadel's TypeScript login UI running next to our Zitadel instances (non-standardized, afaik)
3) roll our own backend that will do the session creation
with 1 being the most preferable option and 3 being the least. 2 is fine too, but the API needs to be somehow documented, at least a little, or guaranteed not to change all of a sudden. Could you help/steer me to the correct choice?
3 Replies
@peintnermax can you help here?
Unknown User•8mo ago
Message Not Public
Thanks for the clarification
Do you have any plans for implementing option 1 at some point in the future?
Also, if you have time, could you elaborate on the option 2 security issues? Since in my head option 2 is option 3, but the backend is already set up and running as part of the Zitadel cloud offering