[Feature Request] Request for the addition of a token-based login feature.

[naoyoshi-kun]

I am fully aware that VRCX is an extremely user-friendly tool. I myself have wanted to use it a few times, but I have some concerns about directly entering my ID, password, and two-factor authentication code.

If possible, I would like to request an option to log in using a token-based method in addition to the ID and password method. (If a similar feature has already been implemented, I would appreciate an explanation on how to use it.)

I understand you are busy, but I would be grateful if you could kindly consider this request. I also apologize if this question has been asked before and for any repetition in my inquiry.

[Myrkie]

VRCX already uses session tokens as apart of VRChats normal authentication schema (we don't have oauth yet sadly) are you maybe looking for a pin or something having to be entered to use the application and sign in? because realistically we cannot do anything as we dont have proper oauth and thats been a long time requested feature on vrchats canny and fourms, at most you can do is copy paste your auth token and totp from another source but that's generally a bad idea.

[naoyoshi-kun]

VRCX already uses session tokens as apart of VRChats normal authentication schema (we don't have oauth yet sadly) are you maybe looking for a pin or something having to be entered to use the application and sign in? because realistically we cannot do anything as we dont have proper oauth and thats been a long time requested feature on vrchats canny and fourms, at most you can do is copy paste your auth token and totp from another source but that's generally a bad idea.

As you mentioned, having an additional security layer, like a PIN, when logging into the app would provide much more peace of mind! copying and pasting the token may not be the best method. Does that pose any security or operational risks? Apologies for my lack of knowledge...

[Myrkie]

copying and pasting the authentication token would essentially require you to login to VRChat from another location (such as the website) and copy paste the browser cookies from that to VRCX, this is generally not advised as VRChat can see this as a compromised account since the token is being used in a place it wasn't created for, as for PIN VRCX stores your password in the SQL database, if you don't wish for this to be easily accessible you can enable "encrypt password" this will encrypt the passwords in the database with the password of your choosing, downside being auto login will no longer be possible and you will have to enter this password every time. this is the closest you will get to a pin system.

[naoyoshi-kun]

copying and pasting the authentication token would essentially require you to login to VRChat from another location (such as the website) and copy paste the browser cookies from that to VRCX, this is generally not advised as VRChat can see this as a compromised account since the token is being used in a place it wasn't created for, as for PIN VRCX stores your password in the SQL database, if you don't wish for this to be easily accessible you can enable "encrypt password" this will encrypt the passwords in the database with the password of your choosing, downside being auto login will no longer be possible and you will have to enter this password every time. this is the closest you will get to a pin system.

Thank you for the explanation! Hearing that there is a password encryption feature is reassuring. I understand that if VRChat's official team were to make such a decision, there could be a risk of the account itself being BAN in the worst-case scenario... I appreciate you taking the time to explain this!

[Myrkie]

How VRChat chooses to handle it is completely up in the air, thus the warning about doing it, we really cant be sure what is or isn't safe as we are not VRChat.

[naoyoshi-kun]

How VRChat chooses to handle it is completely up in the air, thus the warning about doing it, we really cant be sure what is or isn't safe as we are not VRChat.

Thank you for your response! After hearing your explanation, I feel more at ease (though not completely). I’ll take everything into consideration and think carefully about whether to use VRCX or hold off. Thank you very much!