From ebf7272b2d381b229ecf6b04a41d2fcf751e949c Mon Sep 17 00:00:00 2001 From: Guillaume Tardif Date: Wed, 21 Dec 2022 14:09:03 +0100 Subject: [PATCH] Update info about extension local storage and tokens (#16390) Signed-off-by: Guillaume Tardif Signed-off-by: Guillaume Tardif --- desktop/extensions-sdk/guides/oauth2-flow.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/desktop/extensions-sdk/guides/oauth2-flow.md b/desktop/extensions-sdk/guides/oauth2-flow.md index 961d8f5d96..ac3d8d483d 100644 --- a/desktop/extensions-sdk/guides/oauth2-flow.md +++ b/desktop/extensions-sdk/guides/oauth2-flow.md @@ -102,14 +102,15 @@ Finally, you can read the access token from the HTTP response and pass it to the ## Step three: Store the access token -The Docker Extensions SDK does not currently provide a mechanism to safely store secrets. -It is highly recommended that you use an external source of storage to store the access token. +The Docker Extensions SDK doesn't currently provide a specific mechanism to store secrets. -> Warning +It's highly recommended that you use an external source of storage to store the access token. + +> Note > -> Storing the access token in a client's localStorage is a security risk as that storage is currently shared amongst all extensions. -{: .warning} +> The user interface Local Storage is isolated between extensions (an extension can't access another extension's local storage), and each extension's local storage gets deleted when users uninstall an extension. + +## What's next -## What's next Learn how to [publish and distribute your extension](../extensions/index.md)