Storing auth token


I am working on a web extension, where I need to store auth token(s). Localstorage/indexeddb is not secure to do this, but if I store this values in yjs, then it will be harder to XSS attack, am I right? I mean it has binary format which is harder to get/extract this way. Since it’s an extension the in memory store is not enough.

How do you deal with auth token when you need to store?