okta / okta-auth-js

The official js wrapper around Okta's auth API

Alternate Token Storage #211

Open tschroedertlc opened 5 years ago

tschroedertlc commented 5 years ago

Would it be feasible to add support for custom storage in TokenManager? For example, I'm looking to store my auth info in Vuex instead of localStorage, sessionStorage, or a cookie.

To make this easier, the most elegant solution seems to be to pass a custom object into the tokenManager object for the constructor that has getItem and setItem built in. Then in the switch statement that identifies the type of storage (in TokenManager), it could do a check at the end to identify if it is an object with those methods instead of just a check for "localStorage", "sessionStorage", or "cookie".

This would enable various frameworks to use different ways to store the tokens and generalize the pattern for their framework such as Redux or just in memory. If this seems like a reasonable approach, I'd be willing to submit a pull request.

swiftone commented 5 years ago

Thanks for the PR @tschroedertlc! While our product people consider your request, would you be willing to sign and submit a CLA for us? https://developer.okta.com/cla/

tschroedertlc commented 5 years ago

@swiftone Sounds good. I completed it and e-mailed it to your team.

On a side note, the change seems to be functioning correctly in my application and I was able to implement the token storage in Vuex using the submitted code and auth appears to be working correctly.

americk0 commented 5 years ago

+1 for this issue.

My team is making use of the @okta/okta-react package which uses this library and we're trying to meet a security best practice recommended by Auth0 saying that the safest place to store tokens in an SPA is in memory with no persistence. It looks like PR #212 will enable us to implement that type of storage option if/when it gets merged.

This library is a great tool by the way. Love the work you've all done.
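
Added example, not part of the thread and not code from okta-auth-js or PR #212: a sketch of the check proposed in the issue, where the storage option is either one of the three named types or a custom object exposing `getItem` and `setItem`, together with the in-memory, non-persistent provider mentioned in the last comment. The names `createMemoryStorage`, `isStorageProvider`, `resolveStorage` and the `builtins` parameter are hypothetical.

```javascript
// Hypothetical sketch: none of these function names come from okta-auth-js.

// In-memory provider exposing the getItem/setItem pair the issue proposes.
// Values live only in this closure, so they are gone after a page reload
// and are never written to localStorage, sessionStorage or a cookie.
function createMemoryStorage() {
  const items = new Map();
  return {
    getItem(key) {
      // Mirror Web Storage: null (not undefined) for a missing key.
      return items.has(key) ? items.get(key) : null;
    },
    setItem(key, value) {
      // Web Storage only stores strings, so coerce the same way.
      items.set(key, String(value));
    },
  };
}

// Duck-type check: an object qualifies only if both methods are functions.
function isStorageProvider(candidate) {
  return (
    candidate !== null &&
    typeof candidate === "object" &&
    typeof candidate.getItem === "function" &&
    typeof candidate.setItem === "function"
  );
}

// Resolve the configured storage: the named types first, then a custom
// object, otherwise fail closed. `builtins` (assumption) maps each name to
// its storage object so the sketch also runs outside a browser.
function resolveStorage(option, builtins = {}) {
  switch (option) {
    case "localStorage":
    case "sessionStorage":
    case "cookie":
      if (!isStorageProvider(builtins[option])) {
        throw new Error(`Storage "${option}" is not available`);
      }
      return builtins[option];
    default:
      if (isStorageProvider(option)) {
        return option;
      }
      throw new Error("Unrecognized storage option");
  }
}
```

Rejecting an object that implements only one of the two methods keeps a misconfigured provider from silently dropping tokens or falling back to a persistent store.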