Allow to use sessionStorage for persisting authorization

[eliasdorneles]

Content & configuration

Currently when you use:

SwaggerUI({
  persistAuthorization: true,
})

... then the authorization details will be permanently stored in window.localStorage, as per this line of code, surviving browser restarts, etc.

Describe the solution you'd like

I'd love to be able to do:

SwaggerUI({
  persistAuthorization: true,
  persistAuthorizationInSession: true,
})

... and let it use window.sessionStorage instead, so that i can refresh the page without having to re-authenticate, but wouldn't let the authentication details be available for any page in the same domain, etc.

What do you think?

[sprudel79]

I would like to get this as well, my basic problem with localStorage is basically that the credentials are kept much longer and the token might have expired already when trying to reuse it again. Using sessionStorage would reduce this behavior sense the auth detailed are not kept longer than the actual session.

[solita-kattelus]

Was wondering why in our use case api keys was kept when changing api version on toolbar before (old springfox and old swagger ui). But after some version updates (changed to spring doc and same time swagger ui version get updated) this stopped working. I guess it is related to #7046. In our case we would also like to keep apiKeys in use during session or at least until page is refreshed (and this worked originally) because apis we show in toolbar are all related to our same backend but different versions and because of that api key leaking is not problem.

[solita-kattelus]

Somehow related one #8716