Found the fix.
After more than a day of struggle chatting with ChatGPT with trial and error questioning my life decision, I found that I just need to add below as POST request body
{"mode": "session"}
Basically there are 3 modes in directus
- “json“ // more for debugging/testing I guess, no one wants to deal with tokens directly
- “cookie“ // deprecating it by not allowing it in UI
- “session” // the one we should go
and with session, the session token in cookie includes the refresh_token, so you will only see directus_session_token
