AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License

Current logged-in user's access token is stored inside the web browser's local storage #7172

Closed maisteringadmin closed 3 months ago

maisteringadmin commented 3 months ago

Core Library

MSAL.js (@azure/msal-browser)

Wrapper Library

MSAL Angular (@azure/msal-angular)

Public or Confidential Client?

Public

Documentation Location

https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser

Description

The logged-in user's access token is stored inside the web browser's HTML localStorage. This has been flagged by our security partners as vulnerable; please suggest on this issue?

Please refer to the screenshot below:


tnorling commented 3 months ago

Cache location is configurable and can be set to memoryStorage if you have concerns with local or session storage. Please note however that there are drawbacks with this option, namely loss of persistence across page refresh. We do not believe there are inherent security risks with localStorage as long as you are not vulnerable to XSS based attacks. Please see this doc for more information about storage configurations and recommendations.
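As an added example (not code from the MSAL.js repository or from either commenter), the two `@azure/msal-browser` cache settings discussed above side by side, with a small audit helper a reviewer can run over a configuration object. It assumes the object shape of msal-browser's `Configuration` (`auth` plus `cache.cacheLocation`); the client ID, authority and redirect URI are placeholders.

```javascript
// Added example, not from the MSAL.js project. The object shape follows
// msal-browser's Configuration; clientId/authority/redirectUri are placeholders.

const CACHE_LOCATIONS = ["localStorage", "sessionStorage", "memoryStorage"];

// Build a PublicClientApplication configuration for a given cache location.
function buildMsalConfig(cacheLocation) {
  if (!CACHE_LOCATIONS.includes(cacheLocation)) {
    throw new Error(`unknown cacheLocation: ${cacheLocation}`);
  }
  return {
    auth: {
      clientId: "00000000-0000-0000-0000-000000000000",      // placeholder
      authority: "https://login.microsoftonline.com/common", // placeholder
      redirectUri: "https://app.example.test/",              // placeholder
    },
    cache: {
      cacheLocation,               // "localStorage" | "sessionStorage" | "memoryStorage"
      storeAuthStateInCookie: false,
    },
  };
}

// Persistent cache (the setting the issue reporter saw): tokens survive a page
// refresh, but they live in Web Storage that any script on the origin can read,
// so XSS hardening (CSP, escaping, dependency hygiene) is what protects them.
const persistentConfig = buildMsalConfig("localStorage");

// In-memory cache (the alternative tnorling describes): nothing is written to
// Web Storage, at the cost of losing the cache on refresh. Note that script
// injected by XSS can still drive the app's own MSAL instance, so this narrows
// exposure rather than removing the need for XSS defences.
const inMemoryConfig = buildMsalConfig("memoryStorage");

// Summarise what a cache setting implies; msal-browser defaults to sessionStorage
// when cacheLocation is not set.
function auditCacheLocation(config) {
  const loc = (config.cache && config.cache.cacheLocation) || "sessionStorage";
  const table = {
    localStorage:   { survivesRefresh: true,  survivesTabClose: true,  inWebStorage: true },
    sessionStorage: { survivesRefresh: true,  survivesTabClose: false, inWebStorage: true },
    memoryStorage:  { survivesRefresh: false, survivesTabClose: false, inWebStorage: false },
  };
  if (!table[loc]) throw new Error(`unknown cacheLocation: ${loc}`);
  return { location: loc, ...table[loc] };
}
```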