Dynamic can now be configured to set a secure, HttpOnly cookie that can be used for authenticating with Dynamic’s backend. This will contain a minified version of our JWT token.
This feature would also allow your site’s end users to sign in on one subdomain and go to another subdomain without that end user needing to log in again using the same Dynamic environment ID.
Dynamic will require the setup of a custom hostname. This is a subdomain that you own, but pointed by DNS CNAME to Dynamic’s API. This will allow Dynamic’s backend to set secure, HttpOnly cookies on your domain.
For example, if your Dynamic-powered site is https://app.example.io, the custom hostname you could use is https://auth.example.io.
This would allow your users to sign in with Dynamic on https://app.example.io, receive an HttpOnly secure cookie for .example.io
. This cookie can then be used on any subdomain ending with .example.io
, such as https://marketplace.example.io and https://shop.example.io.
The following steps would be required to properly set up cookie-based authentication.
example.io
, you can potentially use auth.example.io
.sandbox
, we will also attempt to set the cookie from the SDK frontend. This will ensure continued support for local development and other preview environments.apiBaseUrl
prop in DynamicContextProvider
settings. For example:live
, Dynamic WILL NO LONGER return a JWT to store in local storage. The auth token will only be set on a cookie.Dynamic can now be configured to set a secure, HttpOnly cookie that can be used for authenticating with Dynamic’s backend. This will contain a minified version of our JWT token.
This feature would also allow your site’s end users to sign in on one subdomain and go to another subdomain without that end user needing to log in again using the same Dynamic environment ID.
Dynamic will require the setup of a custom hostname. This is a subdomain that you own, but pointed by DNS CNAME to Dynamic’s API. This will allow Dynamic’s backend to set secure, HttpOnly cookies on your domain.
For example, if your Dynamic-powered site is https://app.example.io, the custom hostname you could use is https://auth.example.io.
This would allow your users to sign in with Dynamic on https://app.example.io, receive an HttpOnly secure cookie for .example.io
. This cookie can then be used on any subdomain ending with .example.io
, such as https://marketplace.example.io and https://shop.example.io.
The following steps would be required to properly set up cookie-based authentication.
example.io
, you can potentially use auth.example.io
.sandbox
, we will also attempt to set the cookie from the SDK frontend. This will ensure continued support for local development and other preview environments.apiBaseUrl
prop in DynamicContextProvider
settings. For example:live
, Dynamic WILL NO LONGER return a JWT to store in local storage. The auth token will only be set on a cookie.