Passing Cognito tokens stored in localStorage in every request to the Rails application

We have a Ruby on Rails app that is deployed to a subdirectory like this:

www.example.com/railsapp.

The www.example.com site is a login app which uses AWS Cognito to authenticate users and stores the token in localStorage. It is an entry point to many apps under www.example.com.

After they have authenticated in the login app, the user can choose their applications, one of which is the railsapp. So we have to allow access based on the tokens in the localStorage, but unlike cookies, the tokens in there aren't sent in every request, and I haven't found a viable way to send them in requests that aren't initiated via JavaScript (AJAX). The login app team is unwilling to store them in cookies. What is the approach that we can take here, if it is even possible?

You could include some minimal JS in the page that reads the desired parameter and sets it as a cookie. :dotted_line_face:

Or you could make a dummy request via JS with the parameter and store it in the Rails session.
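With either suggestion, Rails receives a token from page JavaScript and has to validate it before anything goes into the session or a cookie. The following is an added example, not code from this thread or from any of the apps discussed: a standard-library check of a Cognito RS256 token's signature, issuer, expiry and app client id. The names `verify_cognito_token`, `TokenRejected` and `sample_token`, the pool URL and the client id are assumptions, and the key map is assumed to have been built beforehand from the user pool's JWKS.

```ruby
require "openssl"
require "base64"
require "json"

class TokenRejected < StandardError; end

# Hypothetical helper (not from the thread). `keys` maps kid => OpenSSL::PKey::RSA,
# loaded beforehand from the user pool's JWKS; `issuer` and `client_id` are the
# pool URL and app client id the Rails app expects.
def verify_cognito_token(token, keys:, issuer:, client_id:, now: Time.now.to_i)
  parts = token.to_s.split(".")
  raise TokenRejected, "malformed" unless parts.size == 3
  header, claims = parts.first(2).map { |p| JSON.parse(Base64.urlsafe_decode64(p)) }
  raise TokenRejected, "malformed" unless header.is_a?(Hash) && claims.is_a?(Hash)

  # Pin the algorithm; never let the token header choose it.
  raise TokenRejected, "unexpected alg" unless header["alg"] == "RS256"
  key = keys[header["kid"]] or raise TokenRejected, "unknown kid"
  signed = parts.first(2).join(".")
  unless key.verify(OpenSSL::Digest.new("SHA256"), Base64.urlsafe_decode64(parts[2]), signed)
    raise TokenRejected, "bad signature"
  end

  raise TokenRejected, "wrong issuer" unless claims["iss"] == issuer
  raise TokenRejected, "expired" unless claims["exp"].is_a?(Integer) && claims["exp"] > now
  # Cognito ID tokens carry the app client id in "aud", access tokens in "client_id".
  audience = claims["token_use"] == "id" ? claims["aud"] : claims["client_id"]
  raise TokenRejected, "wrong client" unless audience == client_id
  claims
rescue JSON::ParserError, ArgumentError, OpenSSL::PKey::PKeyError
  raise TokenRejected, "malformed"
end

# Constructed sample input: a locally generated key and token stand in for Cognito's.
def sample_token(key, claims, kid: "test-kid")
  enc = ->(s) { Base64.urlsafe_encode64(s, padding: false) }
  signed = [{ alg: "RS256", kid: kid }, claims].map { |o| enc.call(JSON.generate(o)) }.join(".")
  "#{signed}.#{enc.call(key.sign(OpenSSL::Digest.new("SHA256"), signed))}"
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  iss = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE" # placeholder pool
  token = sample_token(key, { iss: iss, aud: "example-client", token_use: "id",
                              sub: "user-123", exp: Time.now.to_i + 300 })
  claims = verify_cognito_token(token, keys: { "test-kid" => key.public_key },
                                       issuer: iss, client_id: "example-client")
  puts "verified sub=#{claims["sub"]}; a controller would now reset_session and store it"
end
```

In a controller, the handoff action would call this on the token sent by the page, then `reset_session` and store only the verified claims it needs, so later non-JavaScript requests rely on the Rails session cookie rather than on the raw token.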

Hi and thank you. We have been looking into the first option, and the second seems like something we can consider as well, but somehow these solutions felt like ‘hacks’, so I thought there must be a better approach to this. I mean, with cookies it's just all possible in the request!! :smile:

While searching I think I found a way to do it in one request with Turbo. We are thinking of trying this. But that would mean having to switch from Turbolinks. Not sure how painful that will be.