We plan to migrate our authentication method from jwt in localstorage to session cookies authentication, in the purpose of api subdomain authentication, instead of front end subdomain authentication.
(one api subdomain can have multiple front end subdomains) .
Ex:
Api subdomain (owner) :
https://myclientApiSubdomain1.apidomain.com/
can have multiple front end subdomains (entity) :
https://myClientFrontEndSubdomain1.clientdomain.com/
https://myClientFrontEndSubdomain2.clientdomain.com/
Today, myClientFrontEndSubdomain1 does not share authentication with myClientFrontEndSubdomain2.
It’s what we want to do and I know we can do it with session cookies.
Our javascript code is hosted on https://myclientApiSubdomain1.apidomain.com/client/build/js/app.js
There are one capacitor app per “myClientFrontEndSubdomain” which reference the javascript assets hosted remotely on the api server.
I have read lots of quirks about cookies not sent along http requests from capacitor.
My knownledge of capacitor is small, and my questions are :
-
Is there a way to send cookies along requests, working with our current codebase (axios requests)
-
Does it require a specific plugin
-
If a plugin is required, does it require specific ios capability(ies), like cookies consent (I believe no as authentication cookies does not require cookies consent in the scope of GDPR) ?
-
If not possible, what other options do we have ?