Store and Reuse AccessToken for Silent Login #12

Open
BenjiFuse opened this issue Feb 6, 2023 · 1 comment

Comments

@BenjiFuse

Once logged in, if a user reloads the SPA either by refreshing the page or navigating via the address bar, the login context is "lost", and the user must trigger another login. At least for my Azure AD provider the subsequent login redirects immediately without the need for interaction.

I wonder if it would be possible to store the user's access_token and expires in SessionStorage? That way when the context is configured, it could first check those stored values and attempt a silent login flow to obtain a new access, refresh, and id token. I believe the Microsoft Graph Toolkit components function in this way to persist the login state across page reloads.

What are your thoughts?

@ctron
Owner

ctron commented Feb 7, 2023

> At least for my Azure AD provider the subsequent login redirects immediately without the need for interaction.

And this is how it should be. Access tokens should not be stored. They are actually only active in a single session (tab). Not even shared with other tabs.

There was a discussion on #1 about the same topic, which goes into a bit more detail. Maybe I'll pin it 😁

Let me know if this explains it.
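
The pattern discussed in this thread, as an added example that is not part of the thread or the project's code: the access token is held only in memory, and after a reload the app sends a non-interactive authorization request instead of reading a stored token. The endpoint, client id, redirect URI and function names are assumptions, and the use of the OpenID Connect `prompt=none` parameter to request a no-UI login is a choice made for this example.

```javascript
// Added example; endpoint, client id and redirect URI are constructed placeholders.
const CONFIG = {
  authorizeEndpoint: "https://idp.example/authorize",
  clientId: "example-spa",
  redirectUri: "https://app.example/callback",
  scope: "openid profile",
};

// The token lives only in this closure: it is gone after a reload, invisible to
// other tabs, and never written to sessionStorage or localStorage.
function createTokenHolder(now = () => Date.now()) {
  let token = null;
  let expiresAt = 0;
  return {
    set(accessToken, expiresInSeconds) {
      token = accessToken;
      expiresAt = now() + expiresInSeconds * 1000;
    },
    get() { return token !== null && now() < expiresAt ? token : null; },
  };
}

// Authorization request sent after a reload. prompt=none asks the provider to
// answer from its own session without showing any UI.
// A public client would also send PKCE code_challenge parameters here.
function buildSilentAuthUrl(config, state) {
  const url = new URL(config.authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: config.clientId,
    redirect_uri: config.redirectUri,
    scope: config.scope,
    state,
    prompt: "none",
  }).toString();
  return url.toString();
}

// Classify the redirect back from the provider; the state check comes first.
function handleAuthResponse(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (!expectedState || params.get("state") !== expectedState) return { kind: "rejected", reason: "state mismatch" };
  const error = params.get("error");
  const needsUi = ["login_required", "interaction_required", "consent_required"];
  if (needsUi.includes(error)) return { kind: "needs_interactive_login" };
  if (error) return { kind: "rejected", reason: error };
  const code = params.get("code");
  return code ? { kind: "code", code } : { kind: "rejected", reason: "missing code" };
}
```

A `needs_interactive_login` result means the provider has no usable session, so the app falls back to the normal login redirect.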
