- Cookie-based (recommended): Omit kmsPayload, uses HTTP-only cookies
- Body-based (legacy): Include kmsPayload with tokens
Properties
| Property | Type | Description |
|---|---|---|
kmsPayload? | RefreshSessionKmsProvider | KMS provider config (optional with HTTP-only cookies) |
encryptionPublicKey | string | HPKE public key for response encryption |