How to store refresh tokens in cookies securely(weweb + xano)

Hi everyone :waving_hand:
I’m using WeWeb as frontend and Xano as backend for my web app.

I have already implemented :
access token handling using the Xano plugin function store auth token in WeWeb after login.

I want to implement :

  • store the manually generated refresh token in cookie using weweb
  • On token expiry, the frontend calls an /auth/refresh endpoint that reads the refresh_token cookie and issues a new access_token

I am not able to figure out how to setup this thing please help me out

1 Like

Hi divyansh :waving_hand:

Weweb doesn’t allow cookie manipulation directly.

And from a web development point of view it would be very insecure.

What is it that you trying to achieve? Maybe we can think about a different way of achieving it.

@Agustin_Carozo it would be helpful if there were refresh token functionality built-in to the Xano auth plugin. I assume this is what divy is looking to do. I am also.

I have implemented a global workflow with custom js to perform a refresh process. The code came from chatgpt and doesn’t work 100% of the time.

1 Like

Hi Erick, thanks for the feedback.

Do you mind explaining the idea and creating a feedback ticket here?

That way we can sit down to discuss it.