Support access token in cookies and centralize param name

Vadim Belov · Vadim Belov · commit 5411ce9d46d9 · 2026-02-25T09:58:21.000-08:00
Introduce AccessTokenParamName constant to avoid hardcoding the access token parameter name. Update JWT authentication to check for the token in both query string and cookies, improving flexibility and maintainability.
diff --git a/Sources/EasyExtensions.AspNetCore.Authorization/Extensions/ServiceCollectionExtensions.cs b/Sources/EasyExtensions.AspNetCore.Authorization/Extensions/ServiceCollectionExtensions.cs
@@ -21,6 +21,11 @@ namespace EasyExtensions.AspNetCore.Authorization.Extensions
     /// </summary>
     public static class ServiceCollectionExtensions
     {
+        /// <summary>
+        /// Represents the name of the parameter used to pass the access token.
+        /// </summary>
+        public const string AccessTokenParamName = "access_token";
+
         /// <summary>
         /// Adds JWT authentication resolving <see cref="IConfiguration"/> from DI.
         /// Reads settings from JwtSettings section or flat fallback Jwt[Key] configuration values (see <see cref="ConfigurationExtensions.GetJwtSettings"/>).
@@ -92,11 +97,19 @@ public static IServiceCollection AddJwt(this IServiceCollection services)
                     {
                         OnMessageReceived = context =>
                         {
-                            var accessToken = context.Request.Query["access_token"].ToString();
+                            var accessToken = context.Request.Query[AccessTokenParamName].ToString();
                             if (!string.IsNullOrEmpty(accessToken))
                             {
                                 context.Token = accessToken;
                             }
+                            if (string.IsNullOrWhiteSpace(context.Token))
+                            {
+                                string? cookieToken = context.Request.Cookies[AccessTokenParamName];
+                                if (!string.IsNullOrEmpty(cookieToken))
+                                {
+                                    context.Token = cookieToken;
+                                }
+                            }
                             return Task.CompletedTask;
                         }
                     };

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,11 @@ namespace EasyExtensions.AspNetCore.Authorization.Extensions`
`21`	`21`	`/// </summary>`
`22`	`22`	`public static class ServiceCollectionExtensions`
`23`	`23`	`{`
	`24`	`+ /// <summary>`
	`25`	`+ /// Represents the name of the parameter used to pass the access token.`
	`26`	`+ /// </summary>`
	`27`	`+ public const string AccessTokenParamName = "access_token";`
	`28`	`+`
`24`	`29`	`/// <summary>`
`25`	`30`	`/// Adds JWT authentication resolving <see cref="IConfiguration"/> from DI.`
`26`	`31`	`/// Reads settings from JwtSettings section or flat fallback Jwt[Key] configuration values (see <see cref="ConfigurationExtensions.GetJwtSettings"/>).`
`@@ -92,11 +97,19 @@ public static IServiceCollection AddJwt(this IServiceCollection services)`
`92`	`97`	`{`
`93`	`98`	`OnMessageReceived = context =>`
`94`	`99`	`{`
`95`		`- var accessToken = context.Request.Query["access_token"].ToString();`
	`100`	`+ var accessToken = context.Request.Query[AccessTokenParamName].ToString();`
`96`	`101`	`if (!string.IsNullOrEmpty(accessToken))`
`97`	`102`	`{`
`98`	`103`	`context.Token = accessToken;`
`99`	`104`	`}`
	`105`	`+ if (string.IsNullOrWhiteSpace(context.Token))`
	`106`	`+ {`
	`107`	`+ string? cookieToken = context.Request.Cookies[AccessTokenParamName];`
	`108`	`+ if (!string.IsNullOrEmpty(cookieToken))`
	`109`	`+ {`
	`110`	`+ context.Token = cookieToken;`
	`111`	`+ }`
	`112`	`+ }`
`100`	`113`	`return Task.CompletedTask;`
`101`	`114`	`}`
`102`	`115`	`};`