It's infact safe to asume that the auth flow should remain in the sam…

…e tab
keycloakify · Feb 8, 2025 · 7b7e989 · 7b7e989
1 parent 242bfc7
commit 7b7e989
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/oidc/StateData.ts b/src/oidc/StateData.ts
@@ -50,7 +50,7 @@ export function getStateData(params: {
 
     const KEY = `${STATE_STORE_KEY_PREFIX}${configHash}`;
 
-    const lsItem = localStorage.getItem(KEY);
+    const lsItem = sessionStorage.getItem(KEY);
 
     if (lsItem === null) {
         return undefined;
@@ -71,7 +71,7 @@ export function getStateData(params: {
 
         data.hasBeenProcessedByCallback = true;
 
-        localStorage.setItem(KEY, JSON.stringify(obj));
+        sessionStorage.setItem(KEY, JSON.stringify(obj));
     }
 
     return data;

diff --git a/src/oidc/createOidc.ts b/src/oidc/createOidc.ts
@@ -266,7 +266,7 @@ export async function createOidc_nonMemoized<
         scope: Array.from(new Set(["openid", ...scopes])).join(" "),
         automaticSilentRenew: false,
         userStore: new WebStorageStateStore({ store: new InMemoryWebStorage() }),
-        stateStore: new WebStorageStateStore({ store: localStorage, prefix: STATE_STORE_KEY_PREFIX }),
+        stateStore: new WebStorageStateStore({ store: sessionStorage, prefix: STATE_STORE_KEY_PREFIX }),
         client_secret: __clientSecret_DO_NOT_USE_OR_YOU_WILL_BE_FIRED
     });