How is the fusionauth.sso cookie encoded in version 1.36?
-
It seems like the fusionauth.sso cookie can no longer be base64 decoded after upgrading to a new version (it was previously decoded with base64 on version 1.28: https://fusionauth.io/community/forum/topic/1103/fusionauth-sso-cookie-s-value-is-encoded).
Is there a specific algorithm used to encrypt/encode the refresh token into a fusionauth.sso cookie? By refresh token I mean the refreshToken.token parameter returned by this API call: https://fusionauth.io/docs/v1/tech/apis/jwt#retrieve-refresh-tokens. We were previously using base64 decryption to match the fusionauth.sso cookie in the browser with a specific refresh token to monitor and modify user activity.
Thanks!
-
Heya, this isn't something we document, so it is considered an implementation detail that could change at any time.
You could file an issue asking for this to be codified and documented, but I'm not sure we'd do that. It's more likely we'd do something like this: https://github.com/FusionAuth/fusionauth-issues/issues/1515
Thanks for using FusionAuth!