Remove storeAuthStateInCookie

Author: jo-arroyo

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -109,7 +109,6 @@ body:
                 },
                 cache: {
                   cacheLocation: "sessionStorage"
-                  storeAuthStateInCookie: false
                 }
               }
       validations:

lib/msal-angular/docs/configuration.md

@@ -58,7 +58,6 @@ import { PublicClientApplication, InteractionType, BrowserCacheLocation } from "
         },
         cache: {
           cacheLocation: BrowserCacheLocation.LocalStorage,
-          storeAuthStateInCookie: true, // set to true for IE 11
         },
         system: {
           loggerOptions: {
@@ -261,7 +260,6 @@ fetch("/assets/configuration.json")
     },
     "cache": {
       "cacheLocation": "localStorage",
-      "storeAuthStateInCookie": true
     }
   },
   "guard": {
@@ -471,7 +469,6 @@ export class AppModule {}
     },
     "cache": {
       "cacheLocation": "localStorage",
-      "storeAuthStateInCookie": true
     }
   },
   "guard": {

lib/msal-angular/docs/events.md

@@ -222,7 +222,6 @@ import { PublicClientApplication, InteractionType, BrowserCacheLocation } from "
             },
             cache: {
                 cacheLocation : BrowserCacheLocation.LocalStorage,
-                storeAuthStateInCookie: true, // set to true for IE 11
             },
             system: {
                 loggerOptions: {

lib/msal-angular/docs/initialization.md

@@ -31,7 +31,6 @@ import { PublicClientApplication, InteractionType, BrowserCacheLocation } from "
             },
             cache: {
                 cacheLocation : BrowserCacheLocation.LocalStorage,
-                storeAuthStateInCookie: true, // set to true for IE 11
             },
             system: {
                 loggerOptions: {
@@ -115,7 +114,6 @@ import { PublicClientApplication, InteractionType, BrowserCacheLocation } from "
             },
             cache: {
                 cacheLocation : BrowserCacheLocation.LocalStorage,
-                storeAuthStateInCookie: true, // set to true for IE 11
             },
             system: {
                 loggerOptions: {

lib/msal-browser/docs/configuration.md

@@ -24,7 +24,6 @@ const msalConfig = {
     cache: {
         cacheLocation: "sessionStorage",
         temporaryCacheLocation: "sessionStorage",
-        storeAuthStateInCookie: false,
         secureCookies: false,
         claimsBasedCachingEnabled: true,
     },
@@ -98,7 +97,6 @@ const msalInstance = new PublicClientApplication(msalConfig);
 | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | --------------------------------------------------- |
 | `cacheLocation`             | Location of token cache in browser.                                                                                                                                                                                                                                                                                                                                                                                             | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage`                                    |
 | `temporaryCacheLocation`    | Location of temporary cache in browser. This option should only be changed for specific edge cases. Please refer to [caching](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/caching.md#cached-artifacts) for more.                                                                                                                                                          | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage`                                    |
-| `storeAuthStateInCookie`    | If true, stores cache items in cookies as well as browser cache. Should be set to true for use cases using IE.                                                                                                                                                                                                                                                                                                                  | boolean                                                                                                 | `false`                                             |
 | `secureCookies`             | If true and `storeAuthStateInCookies` is also enabled, MSAL adds the `Secure` flag to the browser cookie so it can only be sent over HTTPS.                                                                                                                                                                                                                                                                                     | boolean                                                                                                 | `false`                                             |
 | `cacheMigrationEnabled`     | If true, cache entries from older versions of MSAL will be updated to conform to the latest cache schema on startup. If your application has not been recently updated to a new version of MSAL.js you can safely turn this off. In the event old cache entries are not migrated it may result in a cache miss when attempting to retrieve accounts or tokens and affected users may need to re-authenticate to get up to date. | boolean                                                                                                 | `true` when using `localStorage`, `false` otherwise |
 | `claimsBasedCachingEnabled` | If `true`, access tokens will be cached under a key containing the hash of the requested claims string, resulting in a cache miss and new network token request when the same token request is made with different or missing claims. If set to `false`, tokens will be cached without claims, but all requests containing claims will go to the network and overwrite any previously cached token with the same scopes.        | boolean                                                                                                 | `false`                                             |

lib/msal-browser/src/cache/BrowserCacheManager.ts

@@ -68,8 +68,6 @@ import { EventHandler } from "../event/EventHandler.js";
 
 /**
  * This class implements the cache storage interface for MSAL through browser local or session storage.
- * Cookies are only used if storeAuthStateInCookie is true, and are only used for
- * parameters such as state and nonce, generally.
  */
 export class BrowserCacheManager extends CacheManager {
     // Cache configuration, either set by user or default values.
@@ -885,21 +883,10 @@ export class BrowserCacheManager extends CacheManager {
 
     /**
      * Gets cache item with given key.
-     * Will retrieve from cookies if storeAuthStateInCookie is set to true.
      * @param key
      */
     getTemporaryCache(cacheKey: string, generateKey?: boolean): string | null {
         const key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey;
-        if (this.cacheConfig.storeAuthStateInCookie) {
-            const itemCookie = this.cookieStorage.getItem(key);
-            if (itemCookie) {
-                this.logger.trace(
-                    "BrowserCacheManager.getTemporaryCache: storeAuthStateInCookies set to true, retrieving from cookies"
-                );
-                return itemCookie;
-            }
-        }
-
         const value = this.temporaryCacheStorage.getItem(key);
         if (!value) {
             // If temp cache item not found in session/memory, check local storage for items set by old versions
@@ -928,8 +915,6 @@ export class BrowserCacheManager extends CacheManager {
 
     /**
      * Sets the cache item with the key and value given.
-     * Stores in cookie if storeAuthStateInCookie is set to true.
-     * This can cause cookie overflow if used incorrectly.
      * @param key
      * @param value
      */
@@ -939,14 +924,7 @@ export class BrowserCacheManager extends CacheManager {
         generateKey?: boolean
     ): void {
         const key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey;
-
         this.temporaryCacheStorage.setItem(key, value);
-        if (this.cacheConfig.storeAuthStateInCookie) {
-            this.logger.trace(
-                "BrowserCacheManager.setTemporaryCache: storeAuthStateInCookie set to true, setting item cookie"
-            );
-            this.cookieStorage.setItem(key, value, undefined);
-        }
     }
 
     /**
@@ -959,17 +937,10 @@ export class BrowserCacheManager extends CacheManager {
 
     /**
      * Removes the temporary cache item with the given key.
-     * Will also clear the cookie item if storeAuthStateInCookie is set to true.
      * @param key
      */
     removeTemporaryItem(key: string): void {
         this.temporaryCacheStorage.removeItem(key);
-        if (this.cacheConfig.storeAuthStateInCookie) {
-            this.logger.trace(
-                "BrowserCacheManager.removeItem: storeAuthStateInCookie is true, clearing item cookie"
-            );
-            this.cookieStorage.removeItem(key);
-        }
     }
 
     /**
@@ -1370,7 +1341,6 @@ export const DEFAULT_BROWSER_CACHE_MANAGER = (
     const cacheOptions: Required<CacheOptions> = {
         cacheLocation: BrowserCacheLocation.MemoryStorage,
         temporaryCacheLocation: BrowserCacheLocation.MemoryStorage,
-        storeAuthStateInCookie: false,
         cacheMigrationEnabled: false,
         claimsBasedCachingEnabled: false,
     };

lib/msal-browser/src/config/Configuration.ts

@@ -127,10 +127,6 @@ export type CacheOptions = {
      * Used to specify the temporaryCacheLocation user wants to set. Valid values are "localStorage", "sessionStorage" and "memoryStorage".
      */
     temporaryCacheLocation?: BrowserCacheLocation | string;
-    /**
-     * If set, MSAL stores the auth request state required for validation of the auth flows in the browser cookies. By default this flag is set to false.
-     */
-    storeAuthStateInCookie?: boolean;
     /**
      * If set, MSAL will attempt to migrate cache entries from older versions on initialization. By default this flag is set to true if cacheLocation is localStorage, otherwise false.
      */
@@ -287,7 +283,6 @@ export function buildConfiguration(
     const DEFAULT_CACHE_OPTIONS: Required<CacheOptions> = {
         cacheLocation: BrowserCacheLocation.SessionStorage,
         temporaryCacheLocation: BrowserCacheLocation.SessionStorage,
-        storeAuthStateInCookie: false,
         // Default cache migration to true if cache location is localStorage since entries are preserved across tabs/windows. Migration has little to no benefit in sessionStorage and memoryStorage
         cacheMigrationEnabled:
             userInputCache &&

lib/msal-browser/src/controllers/StandardController.ts

@@ -257,7 +257,6 @@ export class StandardController implements IController {
         const nativeCacheOptions: Required<CacheOptions> = {
             cacheLocation: BrowserCacheLocation.MemoryStorage,
             temporaryCacheLocation: BrowserCacheLocation.MemoryStorage,
-            storeAuthStateInCookie: false,
             cacheMigrationEnabled: false,
             claimsBasedCachingEnabled: false,
         };

lib/msal-browser/src/error/BrowserConfigurationAuthError.ts

@@ -13,7 +13,7 @@ export const BrowserConfigurationAuthErrorMessages = {
     [BrowserConfigurationAuthErrorCodes.stubbedPublicClientApplicationCalled]:
         "Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors",
     [BrowserConfigurationAuthErrorCodes.inMemRedirectUnavailable]:
-        "Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true.",
+        "Redirect cannot be supported. In-memory storage was selected, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage.",
 };
 
 /**

lib/msal-browser/src/utils/BrowserUtils.ts

@@ -171,10 +171,9 @@ export function redirectPreflightCheck(
 ): void {
     preflightCheck(initialized);
     blockRedirectInIframe(config.system.allowRedirectInIframe);
-    // Block redirects if memory storage is enabled but storeAuthStateInCookie is not
+    // Block redirects if memory storage is enabled
     if (
-        config.cache.cacheLocation === BrowserCacheLocation.MemoryStorage &&
-        !config.cache.storeAuthStateInCookie
+        config.cache.cacheLocation === BrowserCacheLocation.MemoryStorage
     ) {
         throw createBrowserConfigurationAuthError(
             BrowserConfigurationAuthErrorCodes.inMemRedirectUnavailable

lib/msal-browser/test/app/PublicClientApplication.spec.ts

@@ -119,7 +119,6 @@ import { INTERACTION_TYPE } from "../../src/utils/BrowserConstants.js";
 const cacheConfig = {
     temporaryCacheLocation: BrowserCacheLocation.SessionStorage,
     cacheLocation: BrowserCacheLocation.SessionStorage,
-    storeAuthStateInCookie: false,
     cacheMigrationEnabled: false,
     claimsBasedCachingEnabled: false,
 };
@@ -1933,14 +1932,13 @@ describe("PublicClientApplication.ts Class Unit Tests", () => {
             }
         });
 
-        it("throws error if cacheLocation is Memory Storage and storeAuthStateInCookie is false", async () => {
+        it("throws error if cacheLocation is Memory Storage", async () => {
             pca = new PublicClientApplication({
                 auth: {
                     clientId: TEST_CONFIG.MSAL_CLIENT_ID,
                 },
                 cache: {
                     cacheLocation: BrowserCacheLocation.MemoryStorage,
-                    storeAuthStateInCookie: false,
                 },
                 system: {
                     allowPlatformBroker: false,
@@ -7281,7 +7279,6 @@ describe("PublicClientApplication.ts Class Unit Tests", () => {
                 {
                     cacheLocation: BrowserCacheLocation.LocalStorage,
                     temporaryCacheLocation: BrowserCacheLocation.SessionStorage,
-                    storeAuthStateInCookie: false,
                     cacheMigrationEnabled: false,
                     claimsBasedCachingEnabled: false,
                 },