I have implemented one site using Auth0 and SPA… in this case I implemented REST endpoints and accessed them from Angular using an access_token stored in local storage.
(REST endpoints protected using jwt and jwtAuthz)
I am now creating a second site, but this time a Regular Web Application using Pug templates rendered on the back end.
90% of the site is created this way but I also need to include a couple of REST endpoints for certain actions from some buttons.
I would like to protect these endpoints so that only the signed in user can access them… same as in the SPA above.
My understanding is that the access_token is now in the cookie? Is this correct?
How can I use it when doing for example a jQuery call to the REST endpoint?