I have a ruby sinatra app with a login endpoint. it will receive username and password params, as well as a redirect_url param, and after a successful authentication, it redirects to the redirect_url page. I assume the redirect will be a new request. The problem I have is, I am not able to set the access_token and refresh token in the headers of the new request.
Here is the endpoint:
post "/users/login" do
param :email, String, required: true
param :password, String, required: true
param :redirect_url, String, required: true
email = params[:email]
password = params[:password]
redirect_url = params[:redirect_url]
# Respond with the token and refresh and expiry time of the token
access_token = 'SOME_A_T',
refresh_token = 'SOME_R_T',
token_expires_at = Time.current + 60.minute
# Here is where I try to set the access token in the header
request['authorization'] = "Bearer #{access_token}"
redirect redirect_url
end
When I test and inspect the response, it has a location item in the header which is set to the redirect_url param, but the access_token doesn't exist in the header. Also, I don't know what's the best way to include refresh token in the header.