Angular - 在浏览器 cookie 中存储 MSAL AccessToken
Angular - Store MSAL AccessToken in browser cookies
有没有办法配置 msal-angular 以将其 accessToken 配置存储在 cookie 中而不是存储在 localStorage/sessionStorage.
我对在 localStorage/sessionStorage 中存储令牌有安全顾虑。
Github 上也报告了此类问题(检查 here)
我也将 storeAuthStateInCookie 设置为 true,但这也不限制将 accessToken 保存在 localStorage 中。
经过研究,我发现这是 MSAL 库中的一个限制。我的问题是,有没有人故意实现这个功能?
使用的库版本:
- @azure/msal-angular: 1.0.0-beta.4
- msal: 1.2.1
看起来你无法通过 msal-angular 执行此操作,storeAuthStateInCookie 不适用于此,它用于修复 issues due to security zones,不适用于 [=11] =].
This fix is not yet available for the msal-angular and msal-angularjs wrappers. This fix does not address the issue with Popup windows.
也来自这个GitHub issue:
Cookie is designed to be in addition to localstorage/sessionstorage, not as an alternative. It is introduced to solve an issue with IE TrustedZones. Exclusive cookie storage only is not something that we supported in the past.
@Highspeed7 We are in middle of a major update for the library and would love to consider this once we release the current in the works changes. @navyasric to add this in our road map and update this thread as and when we plan to support this.
也许以后会支持这个,但是目前还不能支持。
有没有办法配置 msal-angular 以将其 accessToken 配置存储在 cookie 中而不是存储在 localStorage/sessionStorage.
我对在 localStorage/sessionStorage 中存储令牌有安全顾虑。
Github 上也报告了此类问题(检查 here)
我也将 storeAuthStateInCookie 设置为 true,但这也不限制将 accessToken 保存在 localStorage 中。
经过研究,我发现这是 MSAL 库中的一个限制。我的问题是,有没有人故意实现这个功能?
使用的库版本:
- @azure/msal-angular: 1.0.0-beta.4
- msal: 1.2.1
看起来你无法通过 msal-angular 执行此操作,storeAuthStateInCookie 不适用于此,它用于修复 issues due to security zones,不适用于 [=11] =].
This fix is not yet available for the msal-angular and msal-angularjs wrappers. This fix does not address the issue with Popup windows.
也来自这个GitHub issue:
Cookie is designed to be in addition to localstorage/sessionstorage, not as an alternative. It is introduced to solve an issue with IE TrustedZones. Exclusive cookie storage only is not something that we supported in the past.
@Highspeed7 We are in middle of a major update for the library and would love to consider this once we release the current in the works changes. @navyasric to add this in our road map and update this thread as and when we plan to support this.
也许以后会支持这个,但是目前还不能支持。