DICK'S Sporting Goods

  • Safe harbor
  • No collaboration

Updates to Session Management on www.golfgalaxy.com!

Hello!

We wanted to let everyone know that our teams have updated session management on www.golfgalaxy.com and would very much appreciate attention on the new flows.

The new flow uses session cookies instead of local storage. The cookies are used to retrieve the refresh and access tokens for our OAuth flows.

POST /api/v1/athletes?code={codeFromAuth0} -- returns the DCSG-ATHLETE cookies

GET /api/v1/athletes/tokens/access -- uses the DCSG-ATHLETE cookies to return a JWT access token, which is then passed to endpoints that require it.

DELETE /api/v1/athletes -- logout
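
A minimal in-memory model of the three calls listed above, added here as an example and not taken from the DICK'S Sporting Goods code base. The single opaque `DCSG-ATHLETE` value, the cookie attributes, the HS256 token format, the sample code and athlete ID, and all function names are assumptions. It shows the properties a cookie-backed flow relies on: the auth code is single use, the token is minted only for a live server-side session, and logout revokes that session.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)                   # constructed key for the example
SESSIONS = {}                                           # opaque session id -> athlete id
VALID_CODES = {"constructed-auth-code": "athlete-123"}  # stand-in for the code exchange
COOKIE_ATTRS = "Path=/api/v1/athletes; HttpOnly; Secure; SameSite=Strict"  # assumed

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(msg):
    return _b64(hmac.new(SIGNING_KEY, msg.encode(), hashlib.sha256).digest())

def _session_id(cookie_header):
    for part in (cookie_header or "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "DCSG-ATHLETE":
            return value
    return None

def login(code):
    """POST /api/v1/athletes?code=...: returns (status, Set-Cookie value)."""
    athlete = VALID_CODES.pop(code, None)   # pop makes the code single use
    if athlete is None:
        return 401, None
    sid = secrets.token_urlsafe(32)         # the cookie carries no token, only this id
    SESSIONS[sid] = athlete
    return 200, f"DCSG-ATHLETE={sid}; {COOKIE_ATTRS}"

def access_token(cookie_header, ttl=300):
    """GET /api/v1/athletes/tokens/access: short-lived JWT for a live session."""
    athlete = SESSIONS.get(_session_id(cookie_header))
    if athlete is None:
        return 401, None
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": athlete, "exp": int(time.time()) + ttl}).encode())
    return 200, f"{head}.{body}.{_sign(head + '.' + body)}"

def logout(cookie_header):
    """DELETE /api/v1/athletes: drop the server-side session, expire the cookie."""
    SESSIONS.pop(_session_id(cookie_header), None)
    return 204, f"DCSG-ATHLETE=; Max-Age=0; {COOKIE_ATTRS}"

def verify(token):
    """Endpoint-side check: constant-time signature compare, then expiry."""
    head, body, sig = token.split(".")
    if not hmac.compare_digest(sig, _sign(head + "." + body)):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return claims if claims["exp"] > time.time() else None
```

An access token issued before logout stays valid in this model until its `exp`, which is why the assumed lifetime is kept short.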

As always, please see the program brief for the full details around testing. If you have any questions, please reach out to support@bugcrowd.com.

Get out there and lay claim to those bugs!