The web auths flow uses secure and httpOnly cookies for authentication, but this is not sufficient for desktop apps that require a more advanced auth flow.

This issue is to implement a smooth and secure desktop authentication experience:

• Generate access tokens and refresh tokens for the user
• Encrypt tokens before saving them locally on the user's device
• Rotate the refresh token on each refresh attempt to increase security
• Implement rate limiting to prevent brute force attacks

Considerations:

• How long should access tokens be valid before requiring a refresh?
• What encryption methods should be used to store tokens locally?
• What should the refresh token rotation policy be?
• How should rate limiting be implemented - per user? Per device?

This should provide a seamless authenticated experience for desktop app users.