I am sending a GET request for Basic authentication, to which the server (the backend API) would return (if the authentication is successful) a cookie. This is working fine in POSTMAN, but in the browser the cookie is not being set.
Here is my application flow:
1. Browser/POSTMAN logs in using basic authentication, sending credentials in the Authorization Basic xxxxxx== header.
2. Server reads the authentication details, and if they are correct it creates a cookie named auth and sends it back with the response (above code). For the security layer, I am using Spring Security.
3. For further requests, that cookie will automatically be sent with each request. Now I had to take that cookie and extract the authentication details from it. After that, I had to add Authorization Basic xxxxxx== to that request (because now the Authorization header is not sent by the client, only the cookie is sent). For this I created a Filter which will run before Spring's BasicAuthenticationFilter.class.
Step 2 is working for POSTMAN, but not for the browser. In POSTMAN, the response sent by the server contains Set-Cookie →auth=Basic xxxxxxxx=; Domain=localhost; HttpOnly.
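
A sketch of the kind of filter step 3 describes, added here as an illustration and not the poster's own code: it rebuilds the Authorization header from the auth cookie only when the cookie decodes to a well-formed user:password pair. The class name CookieToBasicAuthFilter and the javax.servlet namespace are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.Enumeration;
import javax.servlet.*;      // assumption: javax namespace; newer stacks use jakarta.servlet
import javax.servlet.http.*;
// Hypothetical filter: turns the "auth" cookie back into an Authorization header.
public class CookieToBasicAuthFilter implements Filter {
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // Only fall back to the cookie when the client sent no Authorization header.
        String value = http.getHeader("Authorization") == null ? fromCookie(http.getCookies()) : null;
        chain.doFilter(value == null ? http : withAuthorization(http, value), res);
    }

    // Returns "Basic <base64>" if the "auth" cookie holds a well-formed credential, else null.
    static String fromCookie(Cookie[] cookies) {
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            String v = c.getValue();
            if (!"auth".equals(c.getName()) || v == null || !v.startsWith("Basic ")) continue;
            try {
                String b64 = v.substring(6).trim();
                String userPass = new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8);
                if (userPass.indexOf(':') > 0) return "Basic " + b64;
            } catch (IllegalArgumentException e) {
                // Not valid base64: ignore the cookie rather than pass junk downstream.
            }
        }
        return null;
    }

    // Wraps the request so getHeader("Authorization") yields the rebuilt value.
    static HttpServletRequest withAuthorization(HttpServletRequest http, final String value) {
        return new HttpServletRequestWrapper(http) {
            @Override public String getHeader(String name) {
                return "Authorization".equalsIgnoreCase(name) ? value : super.getHeader(name);
            }
            @Override public Enumeration<String> getHeaders(String name) {
                return "Authorization".equalsIgnoreCase(name)
                        ? Collections.enumeration(Collections.singletonList(value)) : super.getHeaders(name);
            }
        };
    }
}
```

With Spring Security's HttpSecurity configuration, such a filter can be placed ahead of the basic-auth filter with `addFilterBefore(new CookieToBasicAuthFilter(), BasicAuthenticationFilter.class)`.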