Say I have a service that has two domains
app.myapp.com
api.myapp.com
My app does the whole OAuth/OpenID flow.
app.myapp.com/oauth
app.myapp.com/oauth/callback
In the /callback I set the accessToken as an http-only cookie on the current domain (app.myapp.com).
I have an assortment of microservices that live on api.myapp.com, all of which require an accessToken to work.
In the /callback stage of the OAuth flow, can I specify the other domain in my http-only cookie?
I am using Go + Gin
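c.SetCookie(
	"accessToken", // name
	accessToken,   // value
	3600,          // maxAge, in seconds
	"/",           // path
	"",            // domain: empty, so no Domain attribute is sent
	false,         // secure
	true,          // httpOnly
)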
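
The browser-side rules that decide this question, modelled after RFC 6265 sections 5.1.3 and 5.3 as an added example (not part of the original post and not Gin code). The names `domainMatch`, `store`, `storedCookie` and `sentTo` are hypothetical, and the public-suffix check is left out.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// domainMatch follows RFC 6265 section 5.1.3: equal, or host ends in
// "."+domain and host is not an IP address.
func domainMatch(host, domain string) bool {
	host, domain = strings.ToLower(host), strings.ToLower(domain)
	return host == domain || (strings.HasSuffix(host, "."+domain) && net.ParseIP(host) == nil)
}

// storedCookie is what the browser keeps after processing Set-Cookie.
type storedCookie struct {
	Domain   string
	HostOnly bool // true when the response carried no Domain attribute
}

// store models how a browser handles the Domain attribute of a cookie set
// by requestHost. ok is false when the browser discards the cookie.
func store(requestHost, domainAttr string) (c storedCookie, ok bool) {
	domainAttr = strings.TrimPrefix(domainAttr, ".") // a leading dot is ignored
	if domainAttr == "" {
		return storedCookie{Domain: strings.ToLower(requestHost), HostOnly: true}, true
	}
	if !domainMatch(requestHost, domainAttr) {
		return storedCookie{}, false // setting host is outside the requested scope
	}
	return storedCookie{Domain: strings.ToLower(domainAttr)}, true
}

// sentTo reports whether the browser attaches the cookie to a request for host.
func (c storedCookie) sentTo(host string) bool {
	if c.HostOnly {
		return strings.EqualFold(host, c.Domain)
	}
	return domainMatch(host, c.Domain)
}

func main() {
	// Domain values a response from app.myapp.com could try to set.
	for _, attr := range []string{"", "api.myapp.com", "myapp.com"} {
		c, ok := store("app.myapp.com", attr)
		fmt.Printf("Domain=%q stored=%v sent to api.myapp.com=%v\n", attr, ok, ok && c.sentTo("api.myapp.com"))
	}
}
```

A cookie stored with Domain=myapp.com is attached to requests for every subdomain of myapp.com, so each of those hosts receives the accessToken.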