Authorization
headeraccess token
and refresh token
to the client app after authentication.access token
with the refresh token
for you, so you don't have to worry about it.Set-Cookie
headers and sets cookies to the browser. The cookies are HTTP only and share under the same root domains. So you will need to setup the custom domain for Authgear, such as identity.yourdomain.com
.yourdomain.com
, all applications would share the same session cookie automatically. After that, you can verify the cookies by integrating Authgear with your backend. The HTTP requests must be authenticated by Forwarding to Authgear Resolver Endpoint.