Angular example stores token in localstorage


Since yesterday I’m experimenting with okta. The angular example was a good starting point.
When doing research I found out that it is insecure to store tokens in localstorage. This way of storing the token is vulnerable to XSS. My question is why does this example store the token in localstorage instead of a safer method?

Some links I used for Research: