2

I have implemented PKCE flow with @okta/okta-react library. After successful login it is storing accessToken and idToken in local-storage. But due to an organizational policy, we need to store these in cookies only. How can I configure it to be stored in cookies instead of local-storage?

I looked into okta-react official documentation and endless video tutorials, however I don't see any configuration/parameter by which I can configure where I want to store these tokens.

ashish.99

1 Answer

0

When you configure your OktaAuth client, you can set the tokenManager.storage to save the token in the sessionStorage:

import { OktaAuth } from '@okta/okta-auth-js';

const config = {
  // Required config
  issuer: 'https://{yourOktaDomain}/oauth2/default',

  // Required for login flow using getWithRedirect()
  clientId: 'GHtf9iJdr60A9IYrR0jw',
  redirectUri: 'https://acme.com/oauth2/callback/home',

  // Parse authorization code from hash fragment instead of search query
  responseMode: 'fragment',

  // Configure TokenManager to use sessionStorage instead of localStorage
  tokenManager: {
    storage: 'sessionStorage'
  }
};

var authClient = new OktaAuth(config);

Reference: https://github.com/okta/okta-auth-js

Francesco Clementi
  • Thanks a lot. It works for okta-cache-storage and okta-token-storage. However, okta-original-uri-storage and okta-shared-transaction-storage are still being stored in localstorage. I tried with storageManager configuration as well. These always go to localstorage. – ashish.99 Mar 25 '22 at 06:55
  • You can set those individually using the "storageManager" config option described here: https://github.com/okta/okta-auth-js#storagemanager – Scott Nedderman Jun 12 '22 at 22:26
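
To check the outcome of the storage settings discussed in the answer and comments above, the following added example (not from the original posts or the okta-auth-js project) lists every `okta-`-prefixed entry and flags any still held in localStorage or sessionStorage. The `fakeStorage` helper and the sample data are constructed so that it also runs outside a browser.

```javascript
// Added example: report which Okta SDK storage entries sit outside cookies.
// The "okta-" prefix comes from the key names quoted in the comments above.
const OKTA_PREFIX = 'okta-';

// Parse a document.cookie string ("a=1; b=2") into a list of cookie names.
function cookieNames(cookieString) {
  return cookieString
    .split(';')
    .map((pair) => pair.trim().split('=')[0])
    .filter((name) => name.length > 0);
}

// Enumerate the keys of a Web Storage object (localStorage / sessionStorage).
function storageKeys(storage) {
  const keys = [];
  for (let i = 0; i < storage.length; i++) keys.push(storage.key(i));
  return keys;
}

// Returns { locations: { key: [where, ...] }, violations: [key, ...] }.
// A violation is any okta-* entry found in localStorage or sessionStorage.
function auditOktaStorage({ local, session, cookie }) {
  const locations = {};
  const note = (key, where) => {
    if (!key.startsWith(OKTA_PREFIX)) return; // ignore unrelated app data
    (locations[key] = locations[key] || []).push(where);
  };
  storageKeys(local).forEach((k) => note(k, 'localStorage'));
  storageKeys(session).forEach((k) => note(k, 'sessionStorage'));
  cookieNames(cookie).forEach((k) => note(k, 'cookie'));
  const violations = Object.keys(locations)
    .filter((k) => locations[k].some((w) => w !== 'cookie'))
    .sort();
  return { locations, violations };
}

// Constructed sample mirroring the state described in the first comment:
// two entries in cookies, two still in localStorage. Values are placeholders.
function fakeStorage(obj) {
  const keys = Object.keys(obj);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => obj[k] };
}
const sample = {
  local: fakeStorage({ 'okta-original-uri-storage': '{}', 'okta-shared-transaction-storage': '{}', theme: 'dark' }),
  session: fakeStorage({}),
  cookie: 'okta-token-storage=%7B%7D; okta-cache-storage=%7B%7D; lang=en',
};
console.log(auditOktaStorage(sample).violations);
```

In a browser console, call `auditOktaStorage({ local: localStorage, session: sessionStorage, cookie: document.cookie })` after signing in.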