HTTP Only Cookies Authentication
The plugin manages authentication using HTTP-only cookies, protecting JWT tokens and providing a logout feature for users.
Installation
Via npm
npm install strapi-v5-http-only-auth
Via yarn
yarn add strapi-v5-http-only-auth
Configuration
To configure the plugin, add the following code to your config file:
// config/plugins.ts

export default () => ({
  'strapi-v5-http-only-auth': {
    enabled: true,
    config: {
      // Default cookie settings
      cookieOptions: {
        secure: process.env.NODE_ENV === 'production',
        maxAge: 30 * 24 * 60 * 60 * 1000, // 30 days
        sameSite: 'lax',
        domain: process.env.CLIENT_DOMAIN,
        path: '/',
      },
      // If set to true, the JWT will be removed from the response
      // after a successful login or registration
      deleteJwtFromResponse: true,
    },
  },
});
How It Works
The plugin sets the user's JWT token from the /api/auth/local response into an HTTP-only cookie. When processing a request to the /api path, it intercepts the HTTP-only cookie and assigns its value to the Authorization header.
This plugin also provides a logout feature. To enable it, grant permissions to the logout endpoint in:
Admin Panel → Settings → Roles → Authenticated → Users-permissions
The logout route is available at:
DELETE /api/auth/local
Successful Logout Response:
{
  "message": "You have been logged out successfully."
}
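The cookie-to-header bridge and the logout cookie reset described above, as an added stand-alone Node.js illustration (not the plugin's own code and not tied to Strapi's API). The cookie name `jwt`, the `Bearer` prefix and the request shape are assumptions; the cookie options mirror the configuration section.

```javascript
// Added example: how an HttpOnly JWT cookie is issued, bridged into the
// Authorization header on /api requests, and cleared on logout.
// Standalone Node.js; no Strapi dependency. Names below are assumptions.
const COOKIE_NAME = 'jwt'; // assumed cookie name, not taken from the plugin

// Mirrors cookieOptions from the configuration section (maxAge is in ms).
const cookieOptions = {
  secure: process.env.NODE_ENV === 'production',
  maxAge: 30 * 24 * 60 * 60 * 1000, // 30 days
  sameSite: 'lax',
  domain: process.env.CLIENT_DOMAIN,
  path: '/',
};

const capitalize = (s) => s[0].toUpperCase() + s.slice(1);

// Build the Set-Cookie header value that stores the JWT as HttpOnly,
// so document.cookie in the browser can never read the token.
function buildSetCookie(jwt, opts = cookieOptions) {
  const parts = [`${COOKIE_NAME}=${encodeURIComponent(jwt)}`, 'HttpOnly'];
  if (opts.secure) parts.push('Secure');
  if (opts.maxAge != null) parts.push(`Max-Age=${Math.floor(opts.maxAge / 1000)}`);
  if (opts.sameSite) parts.push(`SameSite=${capitalize(opts.sameSite)}`);
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  if (opts.path) parts.push(`Path=${opts.path}`);
  return parts.join('; ');
}

// Parse an incoming Cookie request header into a name -> value map.
function parseCookies(header = '') {
  const out = {};
  for (const pair of header.split(';')) {
    const idx = pair.indexOf('=');
    if (idx < 0) continue;
    const name = pair.slice(0, idx).trim();
    if (name) out[name] = decodeURIComponent(pair.slice(idx + 1).trim());
  }
  return out;
}

// For requests under /api, copy the cookie value into the Authorization
// header (as the plugin does); other paths are left untouched.
function bridgeCookieToAuthorization(req) {
  const headers = { ...req.headers };
  if (!req.path.startsWith('/api')) return headers;
  const jwt = parseCookies(headers.cookie)[COOKIE_NAME];
  if (jwt) headers.authorization = `Bearer ${jwt}`; // assumed Bearer scheme
  return headers;
}

// Logout: re-issue the cookie empty with Max-Age=0 so the browser drops it.
function buildClearCookie(opts = cookieOptions) {
  return buildSetCookie('', { ...opts, maxAge: 0 });
}
```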
Enjoy!