Best practices SPA cookies (with custom domain) vs refresh tokens

Hi all,

We have a backend API with an Angular SPA client. We recently added custom domains to our tenants to have a more unified user experience. Until now I also thought that we should migrate from using refresh tokens with rotation to cookies (refreshtoken =false), since third-party cookies should not be blocked now.

Is this correct? Is there a recommended approach? I just saw a few threads where people suggest that refresh tokens might be more future-proof since browsers are continuing to block cookies in general.

If using cookies with custom domains, how should we handle local testing - will this still work?

I would really appreciate some recommendations or best practices regarding this topic :).

Best
Chris