I’m working on a project where I was mandated to save access_token and refresh_tokens inside the cookie as file/database written was prohibited. Please do not go into the mute discussion of better approaches, this is what I’m stuck with, I’ve already travelled that road.