DEV Community


Discussion on: OAuth Like a BOSS

simov profile image
simo Author

Hi @Gregory, I'm glad you like the article.

Cookies are being used only as a mechanism to execute the OAuth flow successfully. It's a built-in feature in browsers and it's well understood concept. Depending on the cookie configuration you set on your end you can expire the session after you receive the access tokens.

As for JWT tokens, once you receive back the credentials from the OAuth flow, you can generate a JWT and return that to the user.