I'm working on project that includes server and gui. I have authorization and authentication via access_token
and refresh_token
. refresh_token
is set in cookie and access_token
is passed in headers. In gui i don't have cookie mechanism to automatically manage them so i have to do it manually.
My app saves refresh_token
in file for now. On every app startup it reads that file and gets refresh_token
. Then it tries to get new access_token
.
Here is the function:
pub async fn gen_access_token(
client: Client,
refresh_token: RefreshToken, // <- String
) -> Result<AccessToken, NetworkError> { // AccessToken is string as well
println!("RERESH TOKEN SEND: {}", refresh_token);
let res = client
.post("http://localhost:8080/api/v1/auth/refresh_token")
.header(COOKIE, refresh_token)
.send()
.await
.unwrap();
let status_code = res.status();
let content = res.text().await.unwrap();
if status_code.is_client_error() || status_code.is_server_error() {
return Err(NetworkError {
status_code: status_code.as_u16(),
error_message: content,
});
}
println!("STATUS CODE: {}\nCONTENT: {}", status_code, content);
return Ok(content);
}
It does set cookie in header, but in my actix server i cant access it through HttpRequest.cookie("refresh_token")
, but can with HttpReqest.headers.get("Cookie")
Why is that happening? If i can't pass refresh_token
with cookie is there any reason not to use just 1 token? Maybe there is some better pattern for gui auth?