Frontend not receiving authentication token in FastAPI OAuth flow

I’m having trouble with my FastAPI app using Google OAuth. The authentication token isn’t showing up in the browser cookies after the OAuth flow. Here’s what I’ve tried:

@router.get('/oauth/callback')
async def oauth_callback(code: str, response: Response):
    # OAuth flow and token creation...
    access_token = generate_token(user_data)
    response.set_cookie(
        key='auth_token',
        value=access_token,
        httponly=True,
        domain='localhost'
    )
    return RedirectResponse('http://localhost:3000/dashboard', status_code=302)

I’m setting the cookie in the response object before redirecting, but it’s not appearing on the frontend. Are there any other secure methods to pass the token to the client-side? Maybe I’m missing something in my implementation. Any ideas on how to troubleshoot this?

Hmmm, interesting issue! Have you checked if the cookie is actually being set on the server side? Maybe try logging the response headers before the redirect? Also, are you using a secure connection (https)? Some browsers block cookies on insecure connections. What about trying to send the token as a URL parameter instead? Just brainstorming here.

Your issue might stem from cross-origin restrictions. Since your API is likely running on a different port than your frontend, browsers may block the cookie. To resolve this, ensure your frontend is configured to accept credentials from your API’s origin. In your API, set the ‘SameSite’ and ‘Secure’ flags on the cookie. Additionally, consider implementing CORS properly on your backend. If these don’t work, an alternative approach could be to return the token in the response body and have your frontend store it in local storage, though this method has its own security considerations to keep in mind.

Hey mate, have you tried using the 'samesite' attribute in your cookie settings? Like this:

response.set_cookie(
    key='auth_token',
    value=access_token,
    httponly=True,      # not readable from page JavaScript
    samesite='Lax',     # sent on same-site requests and top-level navigations
    secure=True         # only sent over https
)

Might help with cross-origin stuff. Also check if your frontend is using the right domain to access the cookie.
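Two things are worth separating when debugging this. First, in the question's handler the cookie is set on the injected `response` parameter, but a separately constructed `RedirectResponse` is what gets returned; FastAPI merges the injected response's headers only when the endpoint returns plain data rather than a `Response` object, so the `Set-Cookie` header may never leave the server at all. That is checked by looking at the redirect's response headers in the browser's network tab before touching any cookie attribute. Second, once the header is emitted, the browser applies its own scoping rules (Domain, Secure, SameSite), and none of them involve the port, so `localhost:3000` and `localhost:8000` are the same site as far as cookies go. The following stand-alone model of those rules is an added example, not code from the question or the answers; it uses only the standard library (`http.cookies` is the module Starlette's `set_cookie` builds the header with), and the API port 8000, the `/api/me` path and the two-label approximation of a registrable domain are assumptions.

```python
"""Browser cookie rules behind this thread (added example, stdlib only).
build_set_cookie renders Set-Cookie, parse_stored applies the checks a browser
runs on receipt, browser_would_send the checks it runs before attaching the
cookie to a later request. The port appears in no rule on purpose."""
from dataclasses import dataclass
from http.cookies import SimpleCookie
from typing import Optional, Tuple
from urllib.parse import urlsplit


def build_set_cookie(name: str, value: str, *, httponly: bool = True,
                     secure: bool = False, samesite: str = "Lax",
                     domain: Optional[str] = None, path: str = "/") -> str:
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["path"] = path
    morsel["httponly"] = httponly   # flag attributes are emitted only when truthy
    morsel["secure"] = secure
    morsel["samesite"] = samesite   # known to http.cookies since Python 3.8
    if domain:
        morsel["domain"] = domain
    return morsel.OutputString()


def domain_matches(host: str, domain: str) -> bool:
    """RFC 6265 domain-match: the host itself or any subdomain of it."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def site_of(host: str) -> str:
    """Registrable domain, approximated as the last two labels (assumption: real
    browsers consult the Public Suffix List). 'localhost' is its own site."""
    return ".".join(host.lower().split(".")[-2:])


@dataclass(frozen=True)
class StoredCookie:
    name: str
    set_by_host: str              # host that sent Set-Cookie, without port
    secure: bool
    samesite: str                 # "Strict", "Lax" or "None"
    domain: Optional[str] = None  # None means a host-only cookie


def parse_stored(header: str, set_by_url: str) -> Tuple[Optional[StoredCookie], str]:
    """Set-time checks. Returns (cookie, 'stored') or (None, reason)."""
    jar = SimpleCookie()
    jar.load(header)
    (name, morsel), = jar.items()
    secure = bool(morsel["secure"])
    samesite = (morsel["samesite"] or "Lax").capitalize()  # browsers default to Lax
    if samesite == "None" and not secure:
        return None, "SameSite=None requires Secure; cookie rejected"
    host = urlsplit(set_by_url).hostname or ""
    domain = morsel["domain"].lstrip(".").lower() or None
    if domain and not domain_matches(host, domain):
        return None, f"Domain={domain} does not cover {host}; cookie rejected"
    return StoredCookie(name, host, secure, samesite, domain), "stored"


def browser_would_send(cookie: StoredCookie, request_url: str, initiator_url: str,
                       top_level_navigation: bool) -> Tuple[bool, str]:
    """Request-time checks for a request to request_url from a page at initiator_url."""
    req = urlsplit(request_url)
    req_host = req.hostname or ""
    # Assumption: only https is secure. Current Chrome and Firefox also treat
    # http://localhost as a secure context, so confirm this in the browser you test.
    if cookie.secure and req.scheme != "https":
        return False, "Secure cookie is only sent over https"
    if cookie.domain is None:
        if req_host.lower() != cookie.set_by_host.lower():
            return False, f"host-only cookie bound to {cookie.set_by_host}"
    elif not domain_matches(req_host, cookie.domain):
        return False, f"{req_host} is not in Domain={cookie.domain}"
    if site_of(urlsplit(initiator_url).hostname or "") == site_of(req_host):
        return True, "same-site request; the port difference is irrelevant"
    if cookie.samesite == "Strict":
        return False, "SameSite=Strict blocks every cross-site request"
    if cookie.samesite == "Lax" and not top_level_navigation:
        return False, "SameSite=Lax allows only top-level navigations cross-site"
    return True, f"cross-site request allowed by SameSite={cookie.samesite}"


def diagnose() -> dict:
    """The thread's setup: API on localhost:8000 (assumed), frontend on localhost:3000."""
    api = "http://localhost:8000/oauth/callback"
    frontend = "http://localhost:3000/dashboard"
    api_call = "http://localhost:8000/api/me"  # constructed later API request
    out = {}
    # 1. The question's cookie: HttpOnly, Domain=localhost, no Secure, default SameSite.
    stored, out["question_cookie"] = parse_stored(
        build_set_cookie("auth_token", "tok", domain="localhost"), api)
    out["question_cookie_sent"] = browser_would_send(stored, api_call, frontend, False)
    # 2. Secure=True, as suggested, while the API is still served over plain http.
    stored, _ = parse_stored(build_set_cookie("auth_token", "tok", secure=True), api)
    out["secure_over_http"] = browser_would_send(stored, api_call, frontend, False)
    # 3. A frontend on a different site needs SameSite=None, which must carry Secure.
    out["none_without_secure"] = parse_stored(
        build_set_cookie("auth_token", "tok", samesite="None"), api)[1]
    return out
```

Running `diagnose()` shows that the question's cookie, if it were emitted, would be stored and sent from the port-3000 frontend to the port-8000 API, which points back at the header never being set on the returned redirect; adding `secure=True` on a plain-http API stops the cookie from being sent in this conservative model; and `SameSite=None` without `Secure` is rejected outright. In a real deployment, `SameSite=None; Secure` over https is what a frontend on a genuinely different site needs, while `Lax` is enough when API and frontend share a site.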