I’d like to set a cookie in the response so it can be stored in the browser. How can this be achieved?
There’s a blog that outlines how it can be done but it requires configuring API Gateway.
As I’m using lambda-proxy I was hoping it could be achieved without having to configure API Gateway. I have cors: true enabled in serverless.yml and am setting the headers in the response. I tried a mix of what was outlined in the blog but it doesn’t appear to be returning the cookie. My code is below (using serverless-webpack for ES6):
When you say that it can be done with custom response headers, do you mean configuring the serverless.yml file? Looks like only fixed cookie values can be returned with custom response headers.
Thanks for your suggestions. Tried them out but didn’t help. I’m trying to build a serverless authentication service and would like to return a jwt token in the response cookie which is what I’m trying to achieve here.
Is your serverless available on GitHub or somewhere public? Would like to compare configurations to see if there’s something I may have overlooked.
Apologies. I got the solution working when I deployed to AWS. I was testing locally and expecting it to work when running offline using serverless-webpack's.
I’m guessing that it’s API Gateway that’s actually doing some “stuff” to set the cookie in the response.
It’s not public at the moment but it probably will be in a few weeks.
When the user makes an API call to authenticate themselves the payload includes a JWT token that is kept in session storage. All future API calls need to include that token in the headers so I can tell who is making the API call.
Most of what’s posted here still seems valid. You can set cookies (in general) using the Set-Cookie header. If you’re having a problem it’s almost certainly not serverless specific. The only thing I would add is making sure you set withCredentials = true when making an AJAX request.
I’m trying to do service-to-service (no AJAX). I.e., I have two services: “web” and “auth” (which are both aws-serverless-express services). “web/home” redirects to “auth/login” which (successfully) does the OAuth dance with an external provider and creates a JWT token. It then redirects back to “web/profile”.
In the “web/profile” service handler I want to access the JWT – either through a cookie or a header. For example:
res.set({
  'Access-Control-Allow-Origin' : '*', // Required for CORS support to work
  'Access-Control-Allow-Credentials' : true, // Required for cookies, authorization headers with HTTPS
  'Set-Cookie': 'xxx=123'
});
res.redirect(callbackUrl); // In this case "web/profile"
But the event (in the “web” service that is redirected to) doesn’t have the header.
If you want help you’ll need to provide a lot more detail about exactly what you’re attempting to do. The more specific you are the easier it is to answer. Currently there are too many gaps and assumptions that need to be made.
I would also suggest starting your own thread rather than hijacking this one. From what you’ve written so far I suspect your problem is an understanding of how to pass auth tokens between services rather than how to send a cookie in a response.
I also have an oauth partner where that partner calls my serverless /oauth endpoint where the dance is done. On success I want to create a JWT token and then redirect to my react app.
(The JWT would then be passed from the frontend in every api gateway call and verified by a custom authorizer)
But I’m wondering about the best way to pass the JWT to the frontend?
with a cookie (I guess that means my authorizer would check the cookie each time)
or just pass it back in response, store it somewhere locally in the app like local storage etc and then somehow pass it as an Authorization header each time in each api gateway request (via https of course)
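The cookie option raised in this thread, as an added example that is not code from any poster: a Lambda proxy response that carries the JWT in a `Set-Cookie` header, with CORS headers that browsers accept for credentialed requests. The origin `https://app.example.com`, the cookie name `session` and all function names are assumptions.

```javascript
// Added example; origin, cookie name and function names are assumptions.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']); // hypothetical front end

// Set-Cookie value for the token. HttpOnly hides it from page scripts,
// Secure limits it to HTTPS. Cross-site AJAX needs sameSite 'None'.
function buildSessionCookie(token, maxAgeSeconds, sameSite = 'Lax') {
  // A JWT is base64url segments joined by dots; refuse anything else so a
  // value cannot smuggle extra cookie attributes or header lines.
  if (!/^[A-Za-z0-9_.-]+$/.test(token)) {
    throw new Error('unexpected characters in token');
  }
  return [`session=${token}`, 'HttpOnly', 'Secure', `SameSite=${sameSite}`,
          'Path=/', `Max-Age=${maxAgeSeconds}`].join('; ');
}

// With credentials, browsers reject "Access-Control-Allow-Origin: *", so echo
// the caller's origin only when it is on the allow-list.
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Lambda proxy integration response: API Gateway passes these headers through.
function buildLoginResponse(event, token) {
  const h = event.headers || {};
  return {
    statusCode: 200,
    headers: {
      'Content-Type': 'application/json',
      'Set-Cookie': buildSessionCookie(token, 3600),
      ...corsHeaders(h.origin || h.Origin || ''),
    },
    body: JSON.stringify({ authenticated: true }),
  };
}

// Export this as the function's handler. The token is a constructed
// placeholder; a real service issues a signed JWT after authentication.
async function handler(event) {
  return buildLoginResponse(event, 'eyJhbGciOiJIUzI1NiJ9.e30.c2lnbmF0dXJl');
}
```

On the client, the request still has to be sent with `withCredentials = true`, as noted earlier in the thread, or the browser will neither store nor send the cookie on cross-origin calls.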