65. var accessToken = parseTokenFromHash();
if (accessToken && window.opener && window.opener.setToken) {
window.opener.setToken(accessToken);
}
self.close();
66. Couple of warnings
‣ It’s secure, but not that secure
‣ Don’t store access tokens in a cookie (localStorage works)
‣ It’s fairly easy for developers to accidentally leak tokens
‣ Make them expire after a very short amount of time
‣ Can use ‘immediate’ mode to refresh expired tokens