feat: Implement secure desktop authentication flow #152

Nishchit14 · 2023-11-18T07:27:41Z

The web auths flow uses secure and httpOnly cookies for authentication, but this is not sufficient for desktop apps that require a more advanced auth flow.

This issue is to implement a smooth and secure desktop authentication experience:

Generate access tokens and refresh tokens for the user
Encrypt tokens before saving them locally on the user's device
Rotate the refresh token on each refresh attempt to increase security
Implement rate limiting to prevent brute force attacks

Considerations:

How long should access tokens be valid before requiring a refresh?
What encryption methods should be used to store tokens locally?
What should the refresh token rotation policy be?
How should rate limiting be implemented - per user? Per device?

This should provide a seamless authenticated experience for desktop app users.

Nishchit14 mentioned this issue Nov 18, 2023

feat: The Desktop Application #62

Closed

9 tasks

Nishchit14 changed the title ~~User authentication desktop-specific flow~~ feat: Deskstop App Authentication Flow Nov 18, 2023

Nishchit14 changed the title ~~feat: Deskstop App Authentication Flow~~ feat: Implement secure desktop authentication flow Nov 18, 2023

Nishchit14 self-assigned this Nov 18, 2023

Nishchit14 added the desktop label Nov 18, 2023

Nishchit14 added this to the v3.2.4 milestone Nov 18, 2023

Nishchit14 pinned this issue Nov 18, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Implement secure desktop authentication flow #152

feat: Implement secure desktop authentication flow #152

Nishchit14 commented Nov 18, 2023 •

edited

feat: Implement secure desktop authentication flow #152

feat: Implement secure desktop authentication flow #152

Comments

Nishchit14 commented Nov 18, 2023 • edited

Nishchit14 commented Nov 18, 2023 •

edited