diff --git a/authn/github.index.js b/authn/github.index.js
index 8241cb0..a155a00 100644
--- a/authn/github.index.js
+++ b/authn/github.index.js
@@ -70,16 +70,23 @@ function mainProcess(event, context, callback) {
 }],
 "set-cookie" : [{
 "key": "Set-Cookie",
- "value" : cookie.serialize('TOKEN', jwt.sign(
- { },
- config.PRIVATE_KEY.trim(),
+ "value" : cookie.serialize(
+ 'TOKEN',
+ jwt.sign(
+ { },
+ config.PRIVATE_KEY.trim(),
+ {
+ audience: headers.host[0].value,
+ subject: auth.getSubject(username),
+ expiresIn: config.SESSION_DURATION,
+ algorithm: 'RS256'
+ } // Options
+ ),
 {
- audience: headers.host[0].value,
- subject: auth.getSubject(username),
- expiresIn: config.SESSION_DURATION,
- algorithm: 'RS256'
- } // Options
- ))
+ sameSite: 'strict',
+ secure: true
+ }
+ )
 }],
 },
 };
diff --git a/authn/openid.index.js b/authn/openid.index.js
index 5a293ae..8a5d5a0 100644
--- a/authn/openid.index.js
+++ b/authn/openid.index.js
@@ -181,7 +181,9 @@ function mainProcess(event, context, callback) {
 } // Options
 ),
 {
 path: '/',
- maxAge: config.SESSION_DURATION
+ maxAge: config.SESSION_DURATION,
+ sameSite: 'strict',
+ secure: true
 })
 },
 {
@@ -309,7 +311,9 @@ function redirect(request, headers, callback) {
 "key": "Set-Cookie",
 "value" : cookie.serialize('NONCE', n[1], {
 path: '/',
- httpOnly: true
+ httpOnly: true,
+ sameSite: 'strict',
+ secure: true
 })
 }
 ],
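Review bot: The new `cookie.serialize` options for the github TOKEN cookie set `sameSite` and `secure` but not `httpOnly`, so the signed session JWT stays readable by any script running in the page; the NONCE cookie elsewhere in this same commit already sets `httpOnly: true`, and a session cookie deserves it at least as much. The options also omit `path` and `maxAge`, unlike the openid TOKEN cookie in this commit, so the browser will scope the cookie to the callback request's directory by default and drop it at the end of the browser session even though the JWT carries `expiresIn: config.SESSION_DURATION`. Suggest `{ path: '/', maxAge: config.SESSION_DURATION, httpOnly: true, sameSite: 'strict', secure: true }` (assuming SESSION_DURATION is in seconds, which is what both `expiresIn` as a number and `maxAge` take). `mainProcess` starts before and ends after this hunk.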
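Review bot: The openid TOKEN cookie gains `sameSite: 'strict'` and `secure: true` but still has no `httpOnly`, leaving the session JWT exposed to page scripts while the NONCE cookie in the same file is already marked `httpOnly: true`; add `httpOnly: true,` alongside `secure: true`. Separately, this cookie is set in the response to the provider's redirect back into the site, and browsers that treat a navigation whose redirect chain began cross-site as cross-site will not attach a Strict cookie on the immediately following redirect, which would look like a failed login until the next request; `sameSite: 'lax'` avoids that while still withholding the cookie from cross-site POSTs and subresource requests. The enclosing `cookie.serialize` call and `mainProcess` both extend beyond this hunk.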
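Review bot: `sameSite: 'strict'` on the NONCE cookie is likely to break the login round trip: the cookie is set in `redirect()` just before the browser is sent to the identity provider, and a Strict cookie is not attached to the cross-site top-level navigation that brings the user back to the callback, so whatever validates the nonce there would see no cookie at all. `'lax'` is the conventional choice for OAuth/OIDC state and nonce cookies because it is still sent on top-level GET navigations but not on cross-site POSTs or embedded requests; change the line to `sameSite: 'lax',`. If the provider returns the response with a form POST (`response_mode=form_post`) even Lax is insufficient and the cookie would need `sameSite: 'none'` together with the `secure: true` already present. The code that reads NONCE on the return leg is outside this hunk, so the exact failure mode is inferred from the redirect flow.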