Hi,
I think this is just a question (or several questions), but it could turn into feature/documentation requests.
I would like to use amazon-cognito-identity-js for a new website that I'm working on. In order to comply with privacy legislation such as GDPR and Cookie Law, I would like to offer visitors an option to opt in or out of the use of cookies, which would include the use of local storage (please see the Cookie Law link above).
My application is a single page app so, if a user were to opt out, I believe it could fall back to 'in memory' storage which would mean that data would only persist until the user leaves the site or refreshes a page.
I note that StorageHelper.js has a MemoryStorage class, but it is not exported and only appears to be used if window.localStorage cannot be used. Is there a reason why it isn't exported so that it can be used as a storage option?
I appreciate other libraries exist which provide this functionality, but are there any other downsides to using in-memory storage beyond lack of persistence? If not, could the MemoryStorage class be exported please?
AIUI, under the aforementioned legislation, cookies, etc. should not persist for more than 365 days and consent must be re-validated every 365 days as well (please see: https://www.cookiebot.com/en/gdpr-cookies/).
I note that the CookieStorage class defaults to a 365-day expiry, but I do not believe local storage natively supports the concept of expiry; it would have to be done programmatically. Can/will this library do that for local storage? If not, I shall probably use CookieStorage instead.
Having opted in, a user may decide to change their preference and opt out. Therefore, it would be necessary to delete the stored values in that case. I note that the CookieStorage class has a clear() function. What cookies would be cleared as a result of calling this? All cookies belonging to the domain or just the ones created/used by this library?
In addition to allowing users to opt in or out, I would like to allow users to opt in or out of specific classes of storage. According to the common classification system, I believe the class of storage used by this library in the context of my website would be 'Functionality', given that the site could still be used without it (i.e. they are not 'Strictly Necessary' assuming in-memory storage can be used).
If calling the clear() function would cause all cookies to be deleted for the domain, calling it may not be desirable given that a user may decide to opt in to some classes of cookies but not others. Therefore, it would be necessary to iterate the cookies created/used by this library and delete them.
Is there a definitive list of all the storage values (local storage keys, cookie names, etc.)?
As well as it possibly being necessary to use the list to delete cookies for this library, I would like to list the cookies on a privacy/cookie page. Therefore, it would be useful to understand the purpose of each as well as any other relevant information (such as cookie type, etc.).
I appreciate you taking the time to read this. I look forward to seeing your replies. Thanks again!
@DJWoodZ thanks for your feedback. That's a very good topic and we will dig into this in the future. For now what I can tell is that you can pass a storage object into the library so that the library will cache those items into the storage object: https://aws-amplify.github.io/amplify-js/media/authentication_guide.html#manual-setup
I will create a story in our icebox about the storage policy. Thanks.
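One way to build the storage object mentioned in the reply above, as an added example that is not part of the thread or the library's own code: it keeps values in memory until the visitor opts in, applies a 365-day expiry to persisted values, and on opt-out deletes only the keys it wrote. `ConsentStorage`, `fakeLocalStorage` and the `auth.` prefix are hypothetical names, and it assumes the library only calls `setItem`, `getItem`, `removeItem` and `clear` on the object it is given.

```javascript
// Added example, not library code: ConsentStorage and fakeLocalStorage are hypothetical.
// Assumption: the consumer only calls setItem/getItem/removeItem/clear.
const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed stand-in for window.localStorage so the example runs in Node.
function fakeLocalStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
    key: (i) => Array.from(m.keys())[i],
    get length() { return m.size; },
  };
}
class ConsentStorage {
  constructor(persistent, { prefix = 'auth.', maxAgeDays = 365, now = Date.now } = {}) {
    Object.assign(this, { persistent, prefix, now, maxAgeMs: maxAgeDays * DAY_MS });
    this.memory = new Map(); // used until the visitor opts in
    this.consent = false;    // opt-in model: nothing persists by default
  }
  setConsent(granted) {
    this.consent = granted;
    if (!granted) return this.purgePersistent(); // opting out deletes stored values
    for (const [k, v] of this.memory) this.setItem(k, v); // carry the live session over
    this.memory.clear();
  }
  setItem(key, value) {
    if (!this.consent) return void this.memory.set(key, String(value));
    const record = { v: String(value), exp: this.now() + this.maxAgeMs };
    this.persistent.setItem(this.prefix + key, JSON.stringify(record));
  }
  getItem(key) {
    if (!this.consent) return this.memory.has(key) ? this.memory.get(key) : null;
    const raw = this.persistent.getItem(this.prefix + key);
    if (raw === null) return null;
    let record;
    try { record = JSON.parse(raw); } catch { record = null; } // treat corrupt data as absent
    if (!record || this.now() >= record.exp) { this.removeItem(key); return null; }
    return record.v;
  }
  removeItem(key) { this.memory.delete(key); this.persistent.removeItem(this.prefix + key); }
  purgePersistent() { // removes only keys under our prefix, including ones from earlier visits
    const keys = Array.from({ length: this.persistent.length }, (_, i) => this.persistent.key(i));
    keys.filter((k) => k.startsWith(this.prefix)).forEach((k) => this.persistent.removeItem(k));
  }
  clear() { this.memory.clear(); this.purgePersistent(); }
}
```

In a browser, `window.localStorage` would take the place of `fakeLocalStorage()`, and the instance would be handed to the library as its storage object as described in the manual setup guide linked in the reply.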
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
@powerful23 has there been any progress on this, please?
Please, I'm also looking forward to this. Is there any progress?