Add option to store token in cookie

[comsma]

I want to change the authentication package to allow the token returned from Zitadel to the callback to be stored directly in the cookie rather than associating it with a session id and storing the actual token in a session context.

My current issue with storing the token in a session is that the authentication session does not survive a server restart. This also produces a challenge when scaling the api horizontally as other instances do not have access to that session ID. Another change i would be okay with is using a centralized database to store these session ids with tokens. Perhaps an option when initializing the Authenticator that lets you pass a session store that matches the existing interface.

[hifabienne]

Thank you for sharing your idea.
If there is a significant demand from customers/community, we will carefully consider implementing the feature.
Currently, the issue will be added to our product backlog to collect feedback.

Meanwhile, if you're interested in implementing it yourself, we also welcome pull requests.

[brianfeister]

+1 on this. I'm building on a Go AWS Lambda API Gateway, so the horizontal scaling issue will be a problem for me as well!