refresh tokento the client app after authentication.
access tokenwith the
refresh tokenfor you, so you don't have to worry about it.
Set-Cookieheaders and sets cookies to the browser. The cookies are HTTP only and share under the same root domains. So you will need to setup the custom domain for Authgear, such as
yourdomain.com, all applications would share the same session cookie automatically. After that, you can verify the cookies by integrating Authgear with your backend. The HTTP requests must be authenticated by Forwarding to Authgear Resolver Endpoint.