feat: Implement secure desktop authentication flow #152
Description
The web auths flow uses secure and httpOnly cookies for authentication, but this is not sufficient for desktop apps that require a more advanced auth flow.
This issue is to implement a smooth and secure desktop authentication experience:
- Generate access tokens and refresh tokens for the user
- Encrypt tokens before saving them locally on the user's device
- Rotate the refresh token on each refresh attempt to increase security
- Implement rate limiting to prevent brute force attacks
Considerations:
- How long should access tokens be valid before requiring a refresh?
- What encryption methods should be used to store tokens locally?
- What should the refresh token rotation policy be?
- How should rate limiting be implemented - per user? Per device?
This should provide a seamless authenticated experience for desktop app users.