Store oidc tokens in localStorage instead of sessionStorage

Use of `sessionStorage` makes user experience extremely hostile, as separate tabs in a browser do not share the session. In addition to that, opening a new tab happens to initiate a complete IdP signout if another signed-in tab is open. None of these problems appear if `localStorage` is used.

Original author clearly had an idea to implement this, but for whatever reason kept this line commented out. Maybe because `WebStorageStateStore` type needs to be qualified with `oidc.`?
Yuriy Ostapenko 2024-03-13 18:44:20 +01:00 committed by GitHub
parent 210a685313
commit 49559d1814
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions

@ -88,7 +88,7 @@ function auth_settings_apply_defaults(authSettings) {
function oauth_initialize_user_manager(resource_server) {
oidcSettings = {
//userStore: new WebStorageStateStore({ store: window.localStorage }),
userStore: new oidc.WebStorageStateStore({ store: window.localStorage }),
authority: resource_server.oauth_provider_url,
client_id: resource_server.oauth_client_id,
response_type: resource_server.oauth_response_type,
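
Review bot: the `userStore: new oidc.WebStorageStateStore({ store: window.localStorage })` line changes how long the tokens live and who can read them, not only whether tabs share a session, and neither the code nor the commit message records that trade-off. Entries in `localStorage` survive closing the tab and the browser, so the stored user object and its tokens remain available to any script running on the origin until they are explicitly removed, where `sessionStorage` dropped them with the tab. Consider making the store a setting that `auth_settings_apply_defaults` fills in, so a deployment can keep `sessionStorage`, and add a comment here stating why `localStorage` is the default. The stale `//userStore: new WebStorageStateStore(...)` line directly above should be deleted rather than kept next to its replacement.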