有没有办法配置 msal-Angular 将其 accessToken 配置存储在 cookie 中,而不是存储在 localStorage/sessionStorage 中。
我对将 token 存储在 localStorage/sessionStorage 中存在安全问题。
Github 上也报告了此类问题(检查 here )
我还将 storeAuthStateInCookie 设置为 true,但这也不限制将 accessToken 保存在 localStorage 中。
经过研究,我发现这是 MSAL 库的一个限制。我的问题是有人故意实现这个功能吗?
使用的库版本:
- @azure/msal-Angular:1.0.0-beta.4
- msal:1.2.1
最佳答案
看起来您无法通过 msal-Angular 执行此操作,storeAuthStateInCookie 不是用于此目的,它用于修复 issues due to security zones ,并且不适用于 msal-Angular。
This fix is not yet available for the msal-angular and msal-angularjs wrappers. This fix does not address the issue with Popup windows.
也来自这个GitHub issue :
Cookie is designed to be in addition to localstorage/sessionstorage, not as an alternative. It is introduced to solve an issue with IE TrustedZones. Exclusive cookie storage only is not something that we supported in the past.
@Highspeed7 We are in middle of a major update for the library and would love to consider this once we release the current in the works changes. @navyasric to add this in our road map and update this thread as and when we plan to support this.
也许将来会支持这个,但目前还做不到。
关于Angular - 将 MSAL AccessToken 存储在浏览器 cookie 中,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/66903878/