Added support for alternative token storage strategies

Author: JamesRandall

README.md

@@ -2,13 +2,12 @@
 
 This is an Angular directive and HTTP interceptor available as a Bower package for adding OAuth 2 authentication support to AngularJS. In addition to this documentation a couple of samples and tutorials are available:
 
-[Authenticating AngularJS Against OAuth 2.0 / OpenID Using Google Connect](http://www.azurefromthetrenches.com/authenticating-angularjs-against-oauth-2-0-openid-connect/)
-
-[Using AngularJS-OAuth2 with an instance of IdentityServer3](https://github.com/JamesRandall/AngularJS-OAuth2-IdentityServer3-Sample)
+[Authenticating AngularJS Against OAuth 2.0 / OpenID Connect](http://www.azurefromthetrenches.com/authenticating-angularjs-against-oauth-2-0-openid-connect/)
+[Sample of IdentityServer3 and AngularJS-OAuth2](https://github.com/JamesRandall/AngularJS-OAuth2-IdentityServer3-Sample)
 
 The package is versioned using the [semantic versioning policy](http://semver.org).
 
-Feedback is very welcome. Please leave it in the [issues](https://github.com/JamesRandall/AngularJS-OAuth2/issues) area or over on my [blog](https://www.azurefromthetrenches.com).
+Feedback is very welcome. Please leave it in the [Issues](https://github.com/JamesRandall/AngularJS-OAuth2/issues) area or over on my [blog](https://www.azurefromthetrenches.com).
 
 ## Installing the Package
 
@@ -66,9 +65,37 @@ sign-out-url             |*(Optional)* The identity servers sign out endpoint. I
 silent-token-redirect-url|*(Optional)* If specified this will enable silent token renewal and the identity server will redirect to this URL. See section below for further details.
 state                    |*(Optional)* The value to use for CSRF protection. If not specified then a value will be autogenerated.
 template                 |*(Optional)* The Angular template to use for the sign in and out buttons.
+token-storage-handler    |*(Optional)* Allows a custom token storage strategy to be used. See Token Storage below.
 
 ## Token Storage / State Management
 
+By default the directive stores tokens in the browsers session storage however this behaviour can be changed by passing an object into the token-storage-handler attribute that supports the following methods:
+
+**Method**        |**Description**
+------------------|---------------
+clear($window)    |Clears the token from storage
+get($window)      |Retrieves the token from storage, should return the token as a serialized string
+set(token,$window)|Is passed a token as a serializes string and should store it
+
+An example Angular controller implementing memory based token storage is shown below:
+
+    angular.module('uiApp').controller('IndexCtrl', function ($scope) {
+        var memoryToken;
+        $scope.memoryTokenHandler = {
+            get: function() { return memoryToken; },
+            set: function($window, token) { memoryToken = token; },
+            clear: function() { memoryToken = undefined; }
+        };
+    });
+
+As a contrast the default session storage handler (with full method parameters) is shown below:
+
+    var tokenStorage = {
+        get: function($window) { return $window.sessionStorage.getItem('token') },
+        set: function(token, $window) { $window.sessionStorage.setItem('token', token); },
+        clear: function($window) { $window.sessionStorage.removeItem('token'); }
+    };
+
 Data that is required over page refreshes is stored within [session storage](https://developer.mozilla.org/en/docs/Web/API/Window/sessionStorage):
 
 **Data**          |**Description**

bower.json

@@ -1,6 +1,6 @@
 {
   "name": "AngularJS-OAuth2",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "homepage": "https://github.com/JamesRandall/AngularJS-OAuth2",
   "authors": [
     "James Randall"

dist/angularJsOAuth2.js

@@ -1,11 +1,17 @@
 'use strict';
 
 (function() {
+    var tokenStorage = {
+        get: function($window) { return $window.sessionStorage.getItem('token') },
+        set: function(token, $window) { $window.sessionStorage.setItem('token', token); },
+        clear: function($window) { $window.sessionStorage.removeItem('token'); }
+    };
+    
 	function expired(token) {
 		return (token && token.expires_at && new Date(token.expires_at) < new Date());
 	};
 	function getSessionToken($window) {
-		var tokenString = $window.sessionStorage.getItem('token');
+		var tokenString = tokenStorage.get($window);
 		var token = null;
 		if (tokenString && tokenString !== "null" ) {
 			token = JSON.parse(tokenString);
@@ -32,7 +38,7 @@
 			var token = getTokenFromHashParams(hash);
 			if (token !== null) {
 				setExpiresAt(token);
-				$window.sessionStorage.setItem('token', JSON.stringify(token));
+                tokenStorage.set(JSON.stringify(token), $window)	
 			}
 			return token;
 		}
@@ -126,6 +132,7 @@
 			return service.token;
 		};
 		service.destroy = function() {
+            tokenStorage.clear($window)
 			$window.sessionStorage.setItem('token', null);
 			service.token = null;
 		};
@@ -308,22 +315,23 @@
 				restrict: 'E',
 				replace: true,
 				scope: {
-				authorizationUrl: '@',          // authorization server url
-				clientId: '@',       			// client ID
-				redirectUrl: '@',   			// uri th auth server should redirect to (cannot contain #)
-				responseType: '@',  			// defaults to token
-				scope: '@',						// scopes required (not the Angular scope - the auth server scopes)
-				state: '@',						// state to use for CSRF protection
-				template: '@',					// path to a replace template for the button, defaults to the one supplied by bower
-				buttonClass: '@',				// the class to use for the sign in / out button - defaults to btn btn-primary
-				signInText: '@',				// text for the sign in button
-				signOutText: '@',				// text for the sign out button
-				signOutUrl: '@',				// url on the authorization server for logging out. Local token is deleted even if no URL is given but that will leave user logged in against STS
-				signOutAppendToken: '@',		// defaults to 'false', set to 'true' to append the token to the sign out url
-				signOutRedirectUrl: '@',		// url to redirect to after sign out on the STS has completed
-				silentTokenRedirectUrl: '@',	// url to use for silently renewing access tokens, default behaviour is not to do
-				nonce: '@?',					// nonce value, optional. If unspecified or an empty string and autoGenerateNonce is true then a nonce will be auto-generated
-				autoGenerateNonce: '=?'		    // Should a nonce be autogenerated if not supplied. Optional and defaults to true.
+                    authorizationUrl: '@',          // authorization server url
+                    clientId: '@',       			// client ID
+                    redirectUrl: '@',   			// uri th auth server should redirect to (cannot contain #)
+                    responseType: '@',  			// defaults to token
+                    scope: '@',						// scopes required (not the Angular scope - the auth server scopes)
+                    state: '@',						// state to use for CSRF protection
+                    template: '@',					// path to a replace template for the button, defaults to the one supplied by bower
+                    buttonClass: '@',				// the class to use for the sign in / out button - defaults to btn btn-primary
+                    signInText: '@',				// text for the sign in button
+                    signOutText: '@',				// text for the sign out button
+                    signOutUrl: '@',				// url on the authorization server for logging out. Local token is deleted even if no URL is given but that will leave user logged in against STS
+                    signOutAppendToken: '@',		// defaults to 'false', set to 'true' to append the token to the sign out url
+                    signOutRedirectUrl: '@',		// url to redirect to after sign out on the STS has completed
+                    silentTokenRedirectUrl: '@',	// url to use for silently renewing access tokens, default behaviour is not to do
+                    nonce: '@?',					// nonce value, optional. If unspecified or an empty string and autoGenerateNonce is true then a nonce will be auto-generated
+                    autoGenerateNonce: '=?',	    // Should a nonce be autogenerated if not supplied. Optional and defaults to true.
+                    tokenStorageHandler: '='
 				}
 			};
 
@@ -353,6 +361,9 @@
 
 
 			function init() {
+                if (scope.tokenStorageHandler) {
+                    tokenStorage = scope.tokenStorageHandler
+                }
 				scope.buttonClass = scope.buttonClass || 'btn btn-primary';
 				scope.signInText = scope.signInText || 'Sign In';
 				scope.signOutText = scope.signOutText || 'Sign Out';