IdentityModel / oidc-client-js

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
Apache License 2.0

code_verifier in local storage #1159

Closed deanmaster closed 4 years ago

deanmaster commented 4 years ago

Hello @brockallen,

I observed that for each authentication process oidc-client creates a key in local storage following the pattern oidc.random_string, whose value contains code_verifier. May I ask if we are free to clear these keys after successfully authenticating? Or are there any reasons for not deleting this information by default in oidc-client?

```
authority: "******"
client_id: "******"
code_verifier: "37f5857c1a6f45369958a38397cfd3535ae4ad199c9c4a18846175015871c90ceccce82b214893923f0172edec3c8f"
created: ******
extraTokenParams: {}
id: "******"
redirect_uri: "******"
request_type: "si:r"
response_mode: "query"
scope: "openid"
```

Thanks for this, Tuan Do

brockallen commented 4 years ago

Yes, and there's an API to do so: https://github.com/IdentityModel/oidc-client-js/blob/dev/src/OidcClient.js#L222

deanmaster commented 4 years ago

Thank you very much, I will use that.
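Added example, not part of the thread and not oidc-client-js code: a standalone sketch of the cleanup discussed above, removing sign-in state entries (the ones carrying `code_verifier`) once they are older than a cutoff while leaving other data that shares the prefix. It assumes entries are JSON under keys starting with `oidc.` and that `created` is epoch seconds; `MemoryStorage`, `sweepStaleState`, `buildSampleStorage` and the 900-second cutoff are hypothetical names and values, and the sample entries are constructed.

```javascript
// Added example; not oidc-client-js source. Assumed: state entries are JSON stored
// under keys starting with "oidc." and their "created" field is epoch seconds.
const PREFIX = "oidc.";

// In-memory stand-in for window.localStorage so the sweep runs outside a browser.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { const k = Array.from(this.map.keys())[i]; return k === undefined ? null : k; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

// Removes sign-in state entries older than maxAgeSeconds and returns the removed keys.
function sweepStaleState(storage, maxAgeSeconds, nowSeconds) {
  const keys = [];
  // Snapshot matching keys first: removing while indexing would skip entries.
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    if (k !== null && k.startsWith(PREFIX)) keys.push(k);
  }
  const removed = [];
  for (const k of keys) {
    let entry;
    try { entry = JSON.parse(storage.getItem(k)); } catch (e) { continue; } // not JSON: leave alone
    // Only touch objects that look like sign-in state; other data may share the prefix.
    const isState = entry !== null && typeof entry === "object" &&
      typeof entry.created === "number" && "code_verifier" in entry;
    if (isState && entry.created <= nowSeconds - maxAgeSeconds) {
      storage.removeItem(k);
      removed.push(k);
    }
  }
  return removed;
}

// Constructed sample data (all values made up): two state entries, two unrelated entries.
function buildSampleStorage(now) {
  const s = new MemoryStorage();
  s.setItem("oidc.aaa111", JSON.stringify({ id: "aaa111", created: now - 3600, code_verifier: "constructed-old", request_type: "si:r" }));
  s.setItem("oidc.bbb222", JSON.stringify({ id: "bbb222", created: now - 30, code_verifier: "constructed-new", request_type: "si:r" }));
  s.setItem("oidc.other", JSON.stringify({ note: "shares the prefix but is not sign-in state" }));
  s.setItem("app.theme", "dark");
  return s;
}

const now = 1700000000; // fixed clock so the result is reproducible
console.log(sweepStaleState(buildSampleStorage(now), 900, now));
```

In a browser the same function can be given `window.localStorage` and the current time in seconds; the in-flight entry is kept because the pending sign-in callback still needs its `code_verifier`.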