Add a flag to disable writing AuthUser tokens to browser's local storage

## Is your feature request related to a problem? Please describe.

The application stores the user's access token and ID token in local storage, which is not great, as any XSS vulnerability could lead to session hijacking.

## Describe the solution you'd like

Add a server-side configuration flag to disable writing AuthUser tokens to browser's local storage. The default value is disable=false so it won't change existing behavior.

## Describe alternatives you've considered



## Additional context


The tokens are written to local storage by the code in src/lib/stores/auth-user.ts

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add a flag to disable writing AuthUser tokens to browser's local storage #2945

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

Describe alternatives you've considered

Additional context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add a flag to disable writing AuthUser tokens to browser's local storage #2945

Description

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

Describe alternatives you've considered

Additional context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions