Oidc-client-js: How can I switch to using localStorage for user store? If this is not recommended or a bad idea, why?

Created on 3 Jun 2016 · 8 Comments · Source: IdentityModel/oidc-client-js

This may be more of a webpack-related question, but then again maybe not.

I can't figure out how I can change the user store to use localStorage rather than session storage. Currently if I open a new tab in my client application, it does not have access to my user information, and therefore begins a login redirect.

I have tried passing on the settings object to the UserManager with userStore: localStorage but I am getting TypeError: this._userStore.get is not a function(...) when calling UserManager.getUser(). Here are the two log entries leading up to the error:

UserManager.getUser
_loadUser

All 8 comments

I figured it out by digging through the source code for a while. I had to set:

userStore: new WebStorageStateStore({ store: localStorage})

Feel free to add to the wiki/docs :)

Also, localStorage is slightly discouraged for PII reasons.

So is it more recommended then to have the user redirect to obtain a new token every time they open a new browser tab/window? I am somewhat of an auth/oauth2/oidc newb trying to learn.

I will try to spend a little time adding a couple things to the wiki/docs later.

Use the silent renew feature to get new tokens. If that fails, then you need user interaction.

So the silent renew feature would work across browser tabs? So it's normal for say four browser tabs to be open, with each tab using a different token for auth?

Yes, because you already have a cookie with the AS.

Hey @m-andrew-albright
I was happy when I found this thread, but unfortunately it didn't work for me. Even while userStore is set to Local Storage (I can check it while debugging), user info is still stored in Session Storage, and now I can't even log in because getUser() returns null all the time.

Didn't you make any additional setup except this setting?

P.S. I'm using oidc-client in an Angular app and use response_type: code

UPD:
Solved my problem - I used two different instances of UserManager for signinRedirect() and signInCallbackRedirect(), which had different configuration. Thus, while one instance was putting userInfo into Local Storage, another one was searching for it in Session Storage.

Using the same instance for both procedures fixed the bug - now opening the same website in a new tab while being authorized in the first one doesn't require signing in again!
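
The two failures reported in this thread (a raw Storage object passed as userStore, and two managers configured with different stores), reproduced as an added example that is not code from the thread or from oidc-client-js. FakeStorage, StateStoreAdapter and MiniUserManager are simplified, hypothetical stand-ins so it runs without a browser or the library; the "oidc." prefix, the key layout, the authority and the client id are assumptions or constructed values.

```javascript
// Constructed stand-ins, not oidc-client-js source: they mimic only the store
// contract from this thread (promise-returning get/set/remove on the user store).
class FakeStorage { // Web Storage look-alike so this runs outside a browser
  constructor() { this.items = new Map(); }
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; }
  setItem(k, v) { this.items.set(k, String(v)); }
  removeItem(k) { this.items.delete(k); }
}

class StateStoreAdapter { // simplified shape of WebStorageStateStore({ store })
  constructor({ store, prefix = "oidc." }) { this.store = store; this.prefix = prefix; }
  set(key, value) { this.store.setItem(this.prefix + key, value); return Promise.resolve(); }
  get(key) { return Promise.resolve(this.store.getItem(this.prefix + key)); }
  remove(key) { this.store.removeItem(this.prefix + key); return Promise.resolve(); }
}

class MiniUserManager { // hypothetical: only the store/load path of a user manager
  constructor({ authority, client_id, userStore }) {
    this.userStore = userStore;
    this.key = `user:${authority}:${client_id}`; // assumed key layout
  }
  storeUser(user) { return this.userStore.set(this.key, JSON.stringify(user)); }
  async getUser() {
    // Rejects with TypeError when userStore is a raw Storage (it has no .get).
    const raw = await this.userStore.get(this.key);
    return raw ? JSON.parse(raw) : null;
  }
}

async function demo() {
  const local = new FakeStorage();   // stands in for localStorage
  const session = new FakeStorage(); // stands in for sessionStorage
  const base = { authority: "https://idp.example", client_id: "spa" }; // constructed
  const writer = new MiniUserManager({ ...base, userStore: new StateStoreAdapter({ store: local }) });
  const reader = new MiniUserManager({ ...base, userStore: new StateStoreAdapter({ store: session }) });
  const rawMgr = new MiniUserManager({ ...base, userStore: local }); // userStore: localStorage

  await writer.storeUser({ profile: { sub: "alice" } });
  const mismatched = await reader.getUser(); // other instance, other store: null
  const shared = await writer.getUser();     // same instance and store: user found
  const rawError = await rawMgr.getUser().then(() => null, (e) => e.constructor.name);
  return { mismatched, sub: shared.profile.sub, rawError };
}
```
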
