We use cookie to identify user coming from particular Confluence instance as we need to know individual users (not only instance). Here is how workflow works:
- User authorizes third party service eg. Github using oauth2 flow
- Save authorization code in the add-on server
- Use cookie to identify subsequent requests
This works fine. However, requests from some users does not contain cookies which means they have to follow step 1 and 2 all the time. We are not able to reproduce it ourselves but it happens when users use our add-on.
Are there any limitations in Connect iframe or iframe in general that we are not aware of?
How do you handling accessing third party services on behalf of user in general?