AxaFrance / oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).
MIT License

Set storage in Cookie #342

Closed youf-olivier closed 4 years ago

youf-olivier commented 5 years ago

https://medium.com/redteam/stealing-jwts-in-localstorage-via-xss-6048d91378a0

It could be necessary to let the user choose between the default storage (session storage in this case) and a Cookie storage.

trickydisco78 commented 4 years ago

In the vanilla implementation it has the option of in-memory storage

new Oidc.WebStorageStateStore({ store: new Oidc.InMemoryWebStorage() }),

Can we have this option?

youf-olivier commented 4 years ago

I'm on it :).

trickydisco78 commented 4 years ago

oh wow. thanks

youf-olivier commented 4 years ago

Actually, I have been working on it since yesterday. But I didn't notice there was an InMemoryWebStorage in the oidc package, so thanks to you

youf-olivier commented 4 years ago

Abandoned. We will work with memory (https://tools.ietf.org/html/rfc6819#section-5.1.6)
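The in-memory option the thread settles on, as an added example that is not oidc-client's own code: a class implementing the Web Storage interface (length, key, getItem, setItem, removeItem, clear) so it can be passed as the `store` of a WebStorageStateStore, with the session key name and the helper below being assumptions for illustration.

```javascript
// Added example, not the library's InMemoryWebStorage: a Storage-compatible
// in-memory store that can replace window.localStorage / sessionStorage as
// the backing store for a state store, e.g.
//   new Oidc.WebStorageStateStore({ store: new MemoryStorage() })
// Tokens held here live only for the page's lifetime and are not reachable
// through the Web Storage APIs that a script injected into the page can read.
class MemoryStorage {
  constructor() {
    this._data = new Map();
  }
  // Web Storage interface: length, key(n), getItem, setItem, removeItem, clear
  get length() {
    return this._data.size;
  }
  key(n) {
    const keys = Array.from(this._data.keys());
    return n >= 0 && n < keys.length ? keys[n] : null;
  }
  getItem(k) {
    // Web Storage returns null (not undefined) for a missing key
    return this._data.has(String(k)) ? this._data.get(String(k)) : null;
  }
  setItem(k, v) {
    // Web Storage stores string values only
    this._data.set(String(k), String(v));
  }
  removeItem(k) {
    this._data.delete(String(k));
  }
  clear() {
    this._data.clear();
  }
}

// Illustrates the trade-off: the session is readable while the page lives,
// but a fresh store (what a reload creates) holds nothing, so the user must
// re-authenticate. The key name is constructed for this example.
const SESSION_KEY = 'oidc.user:https://issuer.example:client-id';

function storeSessionInMemory(tokenJson) {
  const store = new MemoryStorage();
  store.setItem(SESSION_KEY, tokenJson);
  const reloaded = new MemoryStorage(); // constructed: next page lifetime
  return {
    inPage: store.getItem(SESSION_KEY),
    afterReload: reloaded.getItem(SESSION_KEY),
    count: store.length,
  };
}
```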