Testing Locally with Tokens Stored in Cookies


When using Descope with your application and testing in your local environment, you may encounter a 401 Unauthorized error when trying to authenticate if you're storing your refresh tokens in cookies (the recommended way of handling these tokens). The reason being that the cookies are set to a specific domain, and will not be sent when your current page is of a different domain.

If you need to test locally, assuming you're using localhost, the custom domain that you configure in the Descope Console will not allow you to authenticate if the Cookie Policy is configured as Strict pr Lax.

This guide will instruct you how to test cookies within a local environment.

This guide assumes that you have successfully configured the custom domain within your project.

Configure Descope Project

Within the Project Settings go to the Session Management section and configure the Cookie Policy to None within the Manage in cookies section then save the configuration.

Attribute Mappings in Descope

Test Cookies in Local environment

You can now utilize your custom baseUrl within your locally running application.

Note: If you are using incognito when testing, ensure that you have allowed 3rd party cookies in incognito mode.

Here is an example of testing cookie storage with localhost.

Attribute Mappings in Descope