OIDC SSO authentication token storage for Angular SPA application


#1

We have a requirement to implement SSO authentication for an Angular 5 app using Okta. The other applications in the enterprise that communicate with Angular use SAML authentication. Since there is no configuration available for Angular 5 with SAML authentication, we are planning to implement Okta OIDC SSO, where the user will log in only once and then the access token will be stored in local storage.
The token will be validated every time the user accesses the URL, and we will use silent refresh to renew the token.

Is there any better option for implementing OIDC SSO than storing the token in local storage? The requirement is that the user should not be validating every time after they close the browser or open a new tab. Please advise.


#2

localStorage will persist through browser close.

Okta’s auth.js SDK and Angular SDK can refresh the tokens based on the Okta session for SSO, without requiring a redirect.

You can also use the OIDC functionality prompt=none through a redirect to validate that they still have a session with Okta.

Hope this information helps!
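
The prompt=none session check mentioned in the reply above, as an added example that is not part of the thread and is not Okta SDK code. It runs under Node; the endpoint, client ID and redirect URI are constructed placeholders, and the use of the authorization code flow with PKCE is an assumption.

```javascript
// Added example. Endpoint, client ID and redirect URI are constructed placeholders.
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');

// Errors OIDC Core defines for a prompt=none request that would need user interaction.
const NEEDS_INTERACTION = new Set([
  'login_required', 'consent_required',
  'interaction_required', 'account_selection_required',
]);

// Build the authorization request; `pending` must be kept until the callback arrives.
function buildSilentAuthRequest({ authorizeEndpoint, clientId, redirectUri, scope = 'openid' }) {
  const pending = {
    state: randomBytes(16).toString('hex'),
    nonce: randomBytes(16).toString('hex'),
    codeVerifier: randomBytes(32).toString('base64url'), // PKCE is an assumption here
  };
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    prompt: 'none', // the IdP must answer without showing any login or consent UI
    state: pending.state,
    nonce: pending.nonce,
    code_challenge: createHash('sha256').update(pending.codeVerifier).digest('base64url'),
    code_challenge_method: 'S256',
  }).toString();
  return { url: url.toString(), pending };
}

// Classify the redirect back to the app. State is checked before anything else is trusted.
function handleSilentAuthCallback(callbackUrl, pending) {
  const params = new URL(callbackUrl).searchParams;
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(pending.state);
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    return { status: 'rejected', reason: 'state_mismatch' };
  }
  const error = params.get('error');
  if (error) {
    const status = NEEDS_INTERACTION.has(error) ? 'no_session' : 'rejected';
    return { status, reason: error };
  }
  const code = params.get('code');
  if (!code) return { status: 'rejected', reason: 'missing_code' };
  // The code is then exchanged with codeVerifier; nonce is checked against the ID token.
  return { status: 'session_active', code, codeVerifier: pending.codeVerifier, nonce: pending.nonce };
}
```

A `no_session` result means the user has to go through an interactive login; `rejected` covers a state mismatch or any other error and should not be treated as proof of anything about the session.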


#3

Thank you Tom, it helped. I am using the Okta auth js library and it refreshes the token based on the Okta session without a redirect.

We are implementing the authentication enterprise-wide and we would like to have the username as the company’s LAN ID instead of the email ID. We already have the users loaded in Okta for SAML authentication and used in various apps. Is there an option to load the users to the SPA app, which uses OAuth authentication, and allow them to use the LAN ID as the username to log in?