This was an interesting situation where I thought I was retrieving a token using XSS, like (document.cookie), but instead the token was located in LocalStorage.  Obviously, you need to know the key name but since I had the application, I had that information.  Pushing aside the XSS part, the meat is here:

We're stealing the token value and pushing it to stealer.php:

Stealer.php is just taking the value and dropping it into a log file. 

Starting fresh on the browser side, we look in LocalStorage which is empty:

We add a key and the value:

Next, we point it to our token stealing page:

And we can already see that we were successful in stealing the value:

Finally, we look in the log:

And I was able to steal it via XSS which was the original goal.