
Token Cache - Desktop - Linux Libsecret

Open sreeise opened this issue 1 year ago • 3 comments

Implement Linux Libsecret (Desktop) as an option for token cache

May 27 '24 08:05 sreeise

Microsoft uses libsecret in their MSAL libraries to cache tokens in the Secret service. I would also consider using the Secret service here. As far as I understand the Linux kernel's keyrings feature (not to be confused with gnome-keyring) does only provide a temporary solution to store authentication data in kernel memory. This means the data is gone after a reboot.

In comparison the Secret service (which libsecret is communicating with) and its implementations (like gnome-keyring) provide a way to permanently store authentication data in an encrypted file.

Aug 18 '24 13:08 kulst

> Microsoft uses libsecret in their MSAL libraries to cache tokens in the Secret service. I would also consider using the Secret service here. As far as I understand the Linux kernel's keyrings feature (not to be confused with gnome-keyring) does only provide a temporary solution to store authentication data in kernel memory. This means the data is gone after a reboot.
>
> In comparison the Secret service (which libsecret is communicating with) and its implementations (like gnome-keyring) provide a way to permanently store authentication data in an encrypted file.

Thanks for the information on this. I updated the ticket to be for Libsecret instead of keyring.

I got the information for how MSAL handles it from looking at the code itself and I do see Libsecret now. But I also see stuff about Keyring. So I'm curious as to what you looked at or are using for this information?

Aug 20 '24 09:08 sreeise

> > Microsoft uses libsecret in their MSAL libraries to cache tokens in the Secret service. I would also consider using the Secret service here. As far as I understand the Linux kernel's keyrings feature (not to be confused with gnome-keyring) does only provide a temporary solution to store authentication data in kernel memory. This means the data is gone after a reboot. In comparison the Secret service (which libsecret is communicating with) and its implementations (like gnome-keyring) provide a way to permanently store authentication data in an encrypted file.
>
> Thanks for the information on this. I updated the ticket to be for Libsecret instead of keyring.
>
> I got the information for how MSAL handles it from looking at the code itself and I do see Libsecret now. But I also see stuff about Keyring. So I'm curious as to what you looked at or are using for this information?

As soon as I posted that I went and looked at the docs that I posted previously and saw that it said:

> The token cache is stored in a wallet such as Gnome Keyring or KWallet using LibSecret.

🤣

Aug 20 '24 09:08 sreeise