{"metadata":{"image":[],"title":"","description":""},"api":{"url":"","auth":"required","results":{"codes":[]},"settings":"","params":[]},"next":{"description":"","pages":[]},"title":"Setup UserKit with HTTP-only cookies","type":"basic","slug":"setup-userkit-with-http-only-cookies","excerpt":"","body":"[block:api-header]\n{\n \"type\": \"basic\",\n \"title\": \"1. Set up a proxy endpoint\"\n}\n[/block]\nTo enable http-only session cookies on your website, you'll need to set up an endpoint on your website that will forward requests from the widget to UserKit servers.\n[block:code]\n{\n \"codes\": [\n {\n \"code\": \"import userkit\\nuk = userkit.UserKit('{YOUR_USERKIT_SECRET_KEY}')\\n\\n\\n# Handler for /userkit-widget-proxy endpoint\\ndef widget_proxy_handler(request, response):\\n # 1. Extract the private token from the http-only cookie.\\n # 2. Forward the UserKit widget request to UserKit's servers,\\n # along with the private token.\\n # 3. Set the http-only cookie.\\n # 4. Return the UserKit response back to the widget.\\n private_token = request.cookies.get('httponly_session_token')\\n resp = uk.widget.proxy(request.data, private_token)\\n response.set_cookie('httponly_session_token', resp.token_private,\\n httponly=True)\\n response.write(resp.body)\",\n \"language\": \"python\"\n },\n {\n \"code\": \"from flask import Flask, request, make_response\\napp = Flask(__name__)\\nimport userkit\\nuk = userkit.UserKit('{YOUR_USERKIT_SECRET_KEY}')\\n\\n\\n:::at:::app.route('/userkit-widget-proxy')\\ndef userkit_widget_proxy():\\n # 1. Extract the private token from the http-only cookie.\\n # 2. Forward the UserKit widget request to UserKit's servers,\\n # along with the private token.\\n # 3. Set the http-only cookie.\\n # 4. 
Return the UserKit response back to the widget.\\n private_token = request.cookies.get('httponly_session_token')\\n resp = uk.widget.proxy(request.data, private_token)\\n response = make_response(resp.response)\\n response.set_cookie('httponly_session_token', resp.token_private,\\n httponly=True)\\n return response\",\n \"language\": \"python\",\n \"name\": \"Python (Flask)\"\n },\n {\n \"code\": \"import webapp2\\nimport userkit\\nuk = userkit.UserKit('{YOUR_USERKIT_SECRET_KEY}')\\n\\n\\n# Handler for /userkit-widget-proxy endpoint\\nclass UserKitWidgetProxy(webapp2.RequestHandler):\\n \\n def post(self):\\n # 1. Extract the private token from the http-only cookie.\\n # 2. Forward the UserKit widget request to UserKit's servers,\\n # along with the private token.\\n # 3. Set the http-only cookie.\\n # 4. Return the UserKit response back to the widget.\\n private_token = self.request.cookies.get('httponly_session_token')\\n resp = uk.widget.proxy(self.request.body, private_token)\\n self.response.set_cookie('httponly_session_token',\\n resp.private_token,\\n httponly=True)\\n self.response.write(resp.response)\",\n \"language\": \"python\",\n \"name\": \"Python (App Engine)\"\n }\n ]\n}\n[/block]\n\n[block:api-header]\n{\n \"type\": \"basic\",\n \"title\": \"2. Configure the UserKit widget\"\n}\n[/block]\nNext, you'll need to tell the UserKit widget that it should make requests to the endpoint you set up in step 1. Do this by setting the `data-proxy` data property:\n[block:code]\n{\n \"codes\": [\n {\n \"code\": \"<script src=\\\"https://widget.userkit.io/widget.js\\\"\\n\\tdata-proxy=\\\"/userkit-widget-proxy\\\">\\n</script>\",\n \"language\": \"html\"\n }\n ]\n}\n[/block]\n\n[block:api-header]\n{\n \"type\": \"basic\",\n \"title\": \"3. 
Getting a user server-side with the http-only token\"\n}\n[/block]\nWhen you want to fetch a user via the server SDK, you'll need to pass the http-only token along with the usual session token.\n[block:code]\n{\n \"codes\": [\n {\n \"code\": \"import userkit\\nuk = userkit.UserKit(\\\"<YOUR_APP_SECRET_KEY>\\\")\\n\\n\\ndef request_handler(request, response):\\n # Along with the usual session token, you'll also need\\n # to pass in the private token from the httponly cookie\\n # you set in your widget proxy endpoint\\n token = request.get_cookie(\\\"userkit_auth_token\\\")\\n httponly_token = request.get_cookie(\\\"httponly_session_token\\\")\\n user = uk.users.get_current_user(token, httponly_token)\\n \\n if user:\\n # There's a logged in user\\n response.write(\\\"Welcome, {}\\\".format(user.name))\\n else:\\n # No logged in user, redirect to login page\\n response.redirect(\\\"/account.html\\\")\",\n \"language\": \"python\"\n }\n ]\n}\n[/block]","updates":[],"order":1,"isReference":false,"hidden":false,"sync_unique":"","link_url":"","link_external":false,"_id":"589e2a392793e937001c15c6","parentDoc":null,"__v":0,"createdAt":"2017-02-10T21:01:45.254Z","version":{"version":"1.0","version_clean":"1.0.0","codename":"","is_stable":true,"is_beta":true,"is_hidden":false,"is_deprecated":false,"categories":["5589ceaf9883a40d00c433f7","559ab19d2100d117005f1269","57d4a754899ab90e00105e5d","5807813b6d24211900953b99","5819154bf62fee0f00949855","5841d27cae05ac2500ba2680","5846c4ee5d064323007b1774","589e29c72793e937001c15c5","5cf0460e272f2c0014a80d17","5cf047bde14258005d7a374e","5db6fa2c7f86fa004ff2c35b","5e349a6a02520b006458b0ae","5e4c89eafd907100654072f2","5e4d7a1feca7f90018b15b9b","5e4eff0ec3399b005118d83a"],"_id":"5589ceae9883a40d00c433f6","releaseDate":"2015-06-23T21:25:02.865Z","__v":15,"createdAt":"2015-06-23T21:25:02.865Z","project":"5589ceae9883a40d00c433f3"},"category":{"sync":{"isSync":false,"url":""},"pages":[],"title":"Http-only 
cookies","slug":"http-only-cookies","order":5,"from_sync":false,"reference":false,"_id":"589e29c72793e937001c15c5","version":"5589ceae9883a40d00c433f6","__v":0,"project":"5589ceae9883a40d00c433f3","createdAt":"2017-02-10T20:59:51.280Z"},"project":"5589ceae9883a40d00c433f3","githubsync":"","user":"5542d87d795b590d001dc7ff"}