Token with Okta Sign In widget


I have a front-end Spring Boot server that loads an HTML page using JavaScript. I am using the Okta Sign-In Widget to generate an authorization code. I am further using the /token endpoint to generate an access token using the authorization code.

Is there a mechanism to store the access token generated by the token endpoint in the Okta Sign-In Widget using tokenManager?

Also, does Okta use session storage to store the token (via the token manager)? Is this a safe mechanism for storing a JWT token?

Starting from the latest: the access_token is better stored in a cookie, as storage can be read and sent to a malicious third-party site, while a cookie can't.

The Okta Widget has a token manager, as you stated, which can indeed store the token.

I assumed tokenManager was making the calls for me (lazily caching in local storage and refreshing as needed). After creating my instance of the widget I just call this…
let response = await myOktaSignIn.authClient.tokenManager.get('accessToken');
…and that loads a bearer token in response.accessToken

But if you have your reasons for grabbing the tokens like this
let response = await myOktaSignIn.authClient.token.getWithoutPrompt({ scopes: myScopesWithOfflineAccess });

then you can still use tokenManager for storage [by adding them explicitly]
myOktaSignIn.authClient.tokenManager.add('idToken', response.tokens.idToken);
myOktaSignIn.authClient.tokenManager.add('accessToken', response.tokens.accessToken);