Token Cache - Desktop - Linux Libsecret

[sreeise]

Implement Linux Libsecret (Desktop) as an option for token cache

[kulst]

Microsoft uses libsecret in their MSAL libraries to cache tokens in the Secret service. I would also consider using the Secret service here.
As far as I understand the Linux kernel's keyrings feature (not to be confused with gnome-keyring) does only provide a temporary solution to store authentication data in kernel memory. This means the data is gone after a reboot.

In comparison the Secret service (which libsecret is communicating with) and its implementations (like gnome-keyring) provide a way to permanently store authentication data in a encrypted file.

[sreeise]

Microsoft uses libsecret in their MSAL libraries to cache tokens in the Secret service. I would also consider using the Secret service here. As far as I understand the Linux kernel's keyrings feature (not to be confused with gnome-keyring) does only provide a temporary solution to store authentication data in kernel memory. This means the data is gone after a reboot.

In comparison the Secret service (which libsecret is communicating with) and its implementations (like gnome-keyring) provide a way to permanently store authentication data in a encrypted file.

Thanks for the information on this. I updated the ticket to be for Libsecret instead of keyring.

I got the information for how MSAL handles it from looking at the code itself and I do see Libsecret now. But I also see stuff about Keyring. So im curios as to what you looked at or are using for this information?

[sreeise]

Microsoft uses libsecret in their MSAL libraries to cache tokens in the Secret service. I would also consider using the Secret service here. As far as I understand the Linux kernel's keyrings feature (not to be confused with gnome-keyring) does only provide a temporary solution to store authentication data in kernel memory. This means the data is gone after a reboot.
In comparison the Secret service (which libsecret is communicating with) and its implementations (like gnome-keyring) provide a way to permanently store authentication data in a encrypted file.

Thanks for the information on this. I updated the ticket to be for Libsecret instead of keyring.

I got the information for how MSAL handles it from looking at the code itself and I do see Libsecret now. But I also see stuff about Keyring. So im curios as to what you looked at or are using for this information?

As soon as I posted that I went and looked at the docs that I posted previously and saw that it said

The token cache is stored in the a wallet such as Gnome Keyring or KWallet using LibSecret.

🤣