Hi everyone, we currently need tokens to be able t...
# talk-kratos
f
Hi everyone, we currently need tokens to be able to be used in a browser across different domains. Cookies only work on the same TLD, so is it safe to use session tokens (bearer tokens in Authorization header) instead? Or is there any better alternatives?
r
I think people usually use oauth2/openid (👉 ory hydra) for cross-domain, it's a bit more involved. but that has the redirects with tokens, etc. and you can add them to a cookie or whatever is easier after. and you have APIs to validate them, etc..
f
Thank you!