Product/components used and version/fix level are you on:
Cumulocity Production
Detailed explanation of the problem:
We have created a cockpit application using c8ycli to create our own custom widgets and I have given my tenant url under script to start the server as below
** start: “c8ycli server -u [tenantUrl]” **
So now once I start the server I could see the login page and user can able to login into that tenant successfully. Now I would like to get authorization token of the logged in user. they are setting in cookies as HttpOnly so we are not able to access the token in client side.
Do we have any other ways to access the authorization token of logged in user ?
the web application running in your browser is not supposed to access the token from the cookie for security reasons.
It will be attached to every request going to your Cumulocity tenant’s domain automatically.
What is your usecase that you need to access the authorization token?
There is an API to retrieve the authorization token in your response body instead of attached as a cookie: Cumulocity IoT - OpenAPI Specification but this is specifically not used in the UI for security reasons.
Yes the cookie is also being attached to the request going from the UI to your microservice.
If you e.g. follow this sample to access a microservice from one of your angular components: Tutorials - Cumulocity IoT Guides you should not have to worry at all about authorization.