The web auth flow uses secure, httpOnly cookies for authentication, but this is not sufficient for desktop apps, which need a token-based auth flow.
This issue is to implement a smooth and secure desktop authentication experience:
- [ ] Generate access tokens and refresh tokens for the user
- [ ] Encrypt tokens before saving them locally on the user's device
- [ ] Rotate the refresh token on each refresh attempt to increase security
- [ ] Implement rate limiting to prevent brute force attacks
Considerations:
- How long should access tokens be valid before requiring a refresh?
- What encryption methods should be used to store tokens locally?
- What should the refresh token rotation policy be?
- How should rate limiting be implemented: per user, or per device?
This should provide a seamless authenticated experience for desktop app users.
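To make the server-side half of the task list concrete, here is an added example (not code from this project) of a minimal token service: it issues access/refresh pairs, stores only a SHA-256 digest of each refresh token, rotates the refresh token on every use, revokes the whole token family when a rotated token is presented again, and rate-limits refresh attempts per device. The TTLs, the per-device rate-limit key and the `AuthServer`, `TokenPair` and `ManualClock` names are assumptions for illustration. The client-side step (encrypting tokens at rest) is not shown; on a desktop the usual answer is the OS keystore (DPAPI on Windows, Keychain on macOS, the Secret Service API on Linux) rather than a hand-rolled cipher.

```python
from __future__ import annotations

import hashlib
import secrets
import time
from dataclasses import dataclass

# Assumed policy values for the example; the issue leaves them open.
ACCESS_TTL = 15 * 60          # access tokens live 15 minutes
REFRESH_TTL = 30 * 24 * 3600  # refresh tokens live 30 days
RATE_LIMIT = 5                # max refresh attempts per device per window
RATE_WINDOW = 60              # window length in seconds


def _digest(token: str) -> str:
    # Only the digest is stored server-side, so a leaked table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class RefreshRecord:
    user_id: str
    device_id: str
    family: str          # every rotation of one login shares a family id
    expires_at: float
    used: bool = False   # a rotated token must never be accepted a second time


@dataclass
class TokenPair:
    access_token: str
    access_expires_at: float
    refresh_token: str


class ManualClock:
    """Constructed clock so expiry and rate windows can be tested deterministically."""

    def __init__(self, start: float = 1000.0) -> None:
        self.t = start

    def __call__(self) -> float:
        return self.t


class AuthServer:
    def __init__(self, clock=time.time) -> None:
        self.clock = clock
        self.refresh_tokens: dict[str, RefreshRecord] = {}   # keyed by token digest
        self.revoked_families: set[str] = set()
        self.attempts: dict[str, list[float]] = {}           # rate-limit buckets

    def _issue(self, user_id: str, device_id: str, family: str) -> TokenPair:
        now = self.clock()
        access = secrets.token_urlsafe(32)
        refresh = secrets.token_urlsafe(32)
        self.refresh_tokens[_digest(refresh)] = RefreshRecord(
            user_id, device_id, family, now + REFRESH_TTL)
        return TokenPair(access, now + ACCESS_TTL, refresh)

    def login(self, user_id: str, device_id: str) -> TokenPair:
        # A fresh login starts a new token family.
        return self._issue(user_id, device_id, family=secrets.token_hex(8))

    def _rate_limited(self, key: str) -> bool:
        # Sliding window: keep only attempts inside the last RATE_WINDOW seconds.
        now = self.clock()
        window = [t for t in self.attempts.get(key, []) if now - t < RATE_WINDOW]
        window.append(now)
        self.attempts[key] = window
        return len(window) > RATE_LIMIT

    def refresh(self, device_id: str, presented: str) -> TokenPair | None:
        # Count the attempt before touching token state so guessing is capped per device.
        if self._rate_limited(f"device:{device_id}"):
            return None
        rec = self.refresh_tokens.get(_digest(presented))
        if rec is None or rec.device_id != device_id:
            return None
        if rec.family in self.revoked_families:
            return None
        if rec.used:
            # Reuse of an already-rotated token means two parties hold the same
            # secret (theft or a lost response); revoke the whole family.
            self.revoked_families.add(rec.family)
            return None
        if self.clock() > rec.expires_at:
            return None
        rec.used = True
        return self._issue(rec.user_id, device_id, rec.family)


if __name__ == "__main__":
    srv = AuthServer(clock=ManualClock())
    first = srv.login("alice", "laptop-1")
    second = srv.refresh("laptop-1", first.refresh_token)
    print("rotated:", second is not None and second.refresh_token != first.refresh_token)
    print("reuse of old token accepted:", srv.refresh("laptop-1", first.refresh_token) is not None)
    print("family still valid after reuse:", srv.refresh("laptop-1", second.refresh_token) is not None)
```

The family id is what makes rotation more than cosmetic: without it, detecting reuse of an old token would only reject that one request, while the thief's newer copy stayed valid.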