Current Logged in User's access token is stored inside the web browsers local Storage #7172

Closed
maisteringadmin opened this issue Jun 23, 2024 · 1 comment
Labels
documentation Related to documentation. msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

maisteringadmin commented Jun 23, 2024

Core Library

MSAL.js (@azure/msal-browser)

Wrapper Library

MSAL Angular (@azure/msal-angular)

Public or Confidential Client?

Public

Documentation Location

https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser

Description

The logged-in user's access token is stored inside the web browser's HTML localStorage. This has been flagged by our security partners as vulnerable. Please advise on this issue.

Please refer to the screenshot below:

image

@maisteringadmin maisteringadmin added documentation Related to documentation. question Customer is asking for a clarification, use case or information. labels Jun 23, 2024
@github-actions github-actions bot added msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package public-client Issues regarding PublicClientApplications labels Jun 23, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Jun 23, 2024
@tnorling
Collaborator

Cache location is configurable and can be set to memoryStorage if you have concerns with local or session storage. Please note, however, that there are drawbacks with this option, namely loss of persistence across page refresh. We do not believe there are inherent security risks with localStorage as long as you are not vulnerable to XSS-based attacks. Please see this doc for more information about storage configurations and recommendations.

@microsoft-github-policy-service microsoft-github-policy-service bot removed the Needs: Attention 👋 Awaiting response from the MSAL.js team label Jun 24, 2024
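
An added example, not part of the original thread and not MSAL's own code: it builds an MSAL.js configuration with the `cacheLocation` setting the reply above refers to, and audits a Web Storage-like object for JWT-shaped values, which is one way to confirm in a test that nothing token-like stays persisted after switching to `memoryStorage`. The helper names, the placeholder client ID and the sample storage contents are constructed for illustration, and the audit assumes the tokens are JWT-formatted.

```javascript
// Added example (not MSAL code). Values accepted by msal-browser `cache.cacheLocation`.
const CACHE_LOCATIONS = ["localStorage", "sessionStorage", "memoryStorage"];

// Build an msal-browser configuration object; clientId is a placeholder.
function buildMsalConfig(cacheLocation, clientId = "<your-client-id>") {
  if (!CACHE_LOCATIONS.includes(cacheLocation)) {
    throw new Error(`unsupported cacheLocation: ${cacheLocation}`);
  }
  return { auth: { clientId }, cache: { cacheLocation } };
}

// JWT shape: three base64url segments; "eyJ" is the base64url encoding of '{"'.
const JWT_RE = /eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*/;

// Reject look-alikes: the first segment must decode to JSON carrying an "alg" field.
function looksLikeJwt(candidate) {
  try {
    const b64 = candidate.split(".")[0].replace(/-/g, "+").replace(/_/g, "/");
    return typeof JSON.parse(atob(b64)).alg === "string";
  } catch {
    return false;
  }
}

// Return the keys (never the values) of storage entries that contain a JWT.
function findTokenKeys(storage) {
  const hits = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const match = JWT_RE.exec(storage.getItem(key) ?? "");
    if (match && looksLikeJwt(match[0])) hits.push(key);
  }
  return hits;
}

// Constructed sample data: a minimal stand-in for window.localStorage.
function makeStorage(entries) {
  const keys = Object.keys(entries);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => entries[k] ?? null };
}
const SAMPLE_JWT = ['{"alg":"RS256","typ":"JWT"}', '{"sub":"constructed"}', "sig"]
  .map((s) => btoa(s).replace(/=+$/, "")).join(".");
const persisted = makeStorage({
  "sample-accesstoken-entry": JSON.stringify({ token: SAMPLE_JWT }), // not MSAL's real schema
  "ui.theme": "dark",
  "not.a.token": "eyJub3Q.eyJqc29u.x", // JWT-shaped, but header is not valid JSON
});
```

In a browser end-to-end test, pass `window.localStorage` and `window.sessionStorage` to `findTokenKeys` after sign-in; with `memoryStorage` configured, both calls are expected to return an empty list.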