Angular - 在浏览器 cookie 中存储 MSAL AccessToken

Angular - Store MSAL AccessToken in browser cookies

有没有办法配置 msal-angular 以将其 accessToken 配置存储在 cookie 中而不是存储在 localStorage/sessionStorage.

我对在 localStorage/sessionStorage 中存储令牌有安全顾虑。

Github 上也报告了此类问题(检查 here

我也将 storeAuthStateInCookie 设置为 true,但这也不限制将 accessToken 保存在 localStorage 中。

经过研究,我发现这是 MSAL 库中的一个限制。我的问题是,有没有人故意实现这个功能?

使用的库版本:

  1. @azure/msal-angular: 1.0.0-beta.4
  2. msal: 1.2.1

看起来你无法通过 msal-angular 执行此操作,storeAuthStateInCookie 不适用于此,它用于修复 issues due to security zones,不适用于 [=11] =].

This fix is not yet available for the msal-angular and msal-angularjs wrappers. This fix does not address the issue with Popup windows.

也来自这个GitHub issue

Cookie is designed to be in addition to localstorage/sessionstorage, not as an alternative. It is introduced to solve an issue with IE TrustedZones. Exclusive cookie storage only is not something that we supported in the past.

@Highspeed7 We are in middle of a major update for the library and would love to consider this once we release the current in the works changes. @navyasric to add this in our road map and update this thread as and when we plan to support this.

也许以后会支持这个,但是目前还不能支持。