I understand logging in using only a tenant id will return only a JWT and no refresh token. But is it possible to obtain a refresh token after successful authentication?
Let's say I have 2 apps:
Both have "Generate Refresh Tokens" and "Enable JWT refresh" set to
You could just navigate to the specific domain + subdomain or path and login to that exact app.
But what I'm after is a possibility to be able to login to
http://app.com/ and pick one of the apps an get redirected and still be logged in.
A problem with the subdomain example is, the response carries a Set-Cookie header that sets the cookie on the current domain without any wildcards. (Is there a way of customizing this header?)
The flow would look like this:
- User successfully logs in on
- User gets presented apps it's registered to
- User click app and gets redirected
- (somewhere here the should be a way to obtain a refresh token)
- User is able to use the app and is not required to re-authenticate
My questions are:
- Is this possible using FusionAuth?
- Is there a way to disable/modify the Set-Cookie header so I can handle the tokens myself using the Authorization header without confusing the FA API with HTTP-only cookies?
- Is it possible to obtain a refresh token using a valid JWT and application id? (user must be registered of course)
ps: I love this live MD preview