I hooked Supabase up with Keycloak as an OAuth provider and I use the OAuth WeWeb action to start the authentication process.
Apparently, Supabase stores the access token in cookies as well as in the local storage. From my understanding, local storage can be read by (potentially malicious) JavaScript; therefore, it would be more secure to only have the access token inside an httpOnly cookie.
Is it really necessary to store access tokens in the local storage? Can I configure it so only cookies are used?