damienbod / angular-auth-oidc-client

npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
https://www.npmjs.com/package/angular-auth-oidc-client
MIT License
1.14k stars, 432 forks

[Question]: Option to control/bypass session storage mechanism #2018

Open prakashsatyani opened 1 week ago

prakashsatyani commented 1 week ago

What Version of the library are we using? 15


Question: After upgrading from the angular-auth-oidc-client library for Angular 13 to the version for Angular 15, we noticed a change in behavior regarding token storage and the handling of the token.oauth API call.

Previously (Angular 13 version), the token.oauth API call was made on every page reload, ensuring that the latest authentication token was retrieved. However, in the Angular 15 version of the library, the token is now being stored in session storage. Upon page reload, if the token is present in session storage, the token.oauth API call is not triggered.

This new behavior is causing an issue in our use case, as we rely on always making the token.oauth API call to fetch an updated token and ensure proper authentication. This also presents a security concern for some of our partners.

Request: Is there any way to:

Having control over this behavior would be helpful, as different use cases may require either always making the token.oauth API call or relying on session storage for performance optimization.

We appreciate your support and look forward to any suggestions or workarounds.

timdeschryver commented 1 week ago

Do you find the information you need in the docs? https://angular-auth-oidc-client.com/docs/documentation/custom-storage

prakashsatyani commented 6 days ago

We have already looked at this document and unfortunately that’s not something we can use due to security reasons.

In v13, OIDC token call happened after each reload regardless of the session storage contents. However, this behaviour has changed in v15 which is creating a security concern at our end.

We wish to circumvent this new validation from v15.