I’m experiencing a “401 Unauthorized” error when I try to access the /api/v1/users/verifyToken endpoint of my CMS app on mobile devices. This endpoint is supposed to verify the validity of a JSON Web Token (JWT) stored in cookies.
Key Details:
I have set the cookies with the SameSite=None and Secure attributes.
CORS is properly configured to allow credentials from the correct origin.
The issue happens on multiple Android devices, specifically using default browsers like Chrome and Samsung Internet.
In my error investigation:
It seems that the server is creating and sending the cookie correctly to the mobile browser.
However, when the server tries to retrieve that cookie, it comes back as undefined. This means that no valid token can be created, resulting in the unauthorized error.
Thanks in advance for your time and help.
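
The header combination the post describes (SameSite=None with Secure, plus CORS that allows credentials) can be checked mechanically against captured response headers. This is an added example, not part of the original post; the function names, the origin `https://cms.example` and all header values are constructed assumptions.

```javascript
// Added example: audit the response headers that decide whether a browser
// stores a cross-site cookie and lets a credentialed CORS response through.
// All header values here are constructed samples, not taken from the post.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf('=');
    // Attribute names are case-insensitive; flag attributes have no value.
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

function auditCrossSiteCookie(headers, pageOrigin) {
  const findings = [];
  if (!headers['set-cookie']) return ['no Set-Cookie header in the response'];
  const c = parseSetCookie(headers['set-cookie']);
  const sameSite = String(c.attrs.samesite || '').toLowerCase();
  if (sameSite !== 'none') {
    findings.push('SameSite is not None: cookie is withheld from cross-site fetch/XHR');
  } else if (!c.attrs.secure) {
    findings.push('SameSite=None without Secure: browser rejects the cookie');
  }
  // Credentialed CORS needs an exact origin match, never the wildcard.
  const acao = headers['access-control-allow-origin'];
  if (acao === '*') {
    findings.push('Access-Control-Allow-Origin is *: not allowed with credentials');
  } else if (acao !== pageOrigin) {
    findings.push('Access-Control-Allow-Origin does not match the page origin');
  }
  if (headers['access-control-allow-credentials'] !== 'true') {
    findings.push('Access-Control-Allow-Credentials is not "true"');
  }
  return findings;
}

// Constructed sample: the configuration the post says it uses.
const sampleHeaders = {
  'set-cookie': 'token=abc.def.ghi; Path=/; HttpOnly; Secure; SameSite=None',
  'access-control-allow-origin': 'https://cms.example',
  'access-control-allow-credentials': 'true',
};
console.log(auditCrossSiteCookie(sampleHeaders, 'https://cms.example'));
```
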