Auth0 Browser Pop-Up

[AvocadoMoon]

Problem

The browser pop-up is distracting to the end user, and is not required to gain focus if they are already logged in.

Potential Solutions

• Create a HTTP client within the app that can store cookies, and make all the requests the browser can do

  • Browser logic is extremely complicated and attempting to allow GUI interaction for when users need to initiate authentication for the first time would also be difficult. Then comes the problem of how to store cookies securely on the client device. | Attempt To Store Cookies

• Keep everything the same, but have the browser pop-up be silent so tabs accumulate but never gain focus. Or have the java app gain focus back from the browser.

  • No method so far seems to allow for silent browser interaction or focus gain.

• Store the ID and refresh token in a secure manner

  • After the user logs in save the tokens grabbed, and once the refresh token expires restart the entire authentication process again. | KeyRing Library

• Change the authentication flow such that it browser interaction isn't required

  • The other flows don't seem to support streamlined methods without having the client application store some secret which is not possible in our case.

Best Solution

The best solution seems to be storing the credentials in a secure manner on the native machine, and refreshing when needed. The OS native method for storing secrets securely can propose some issues, however, if storage doesn't work the application can just go through the sign-in process all over again.

Tasks

• Create a credential store class whose purpose is to store and retrieve secrets
• Integrate the class in a non-intrusive manner to the current login procedure
• Create diagram which reflects the entire login process

[AvocadoMoon]

Documentation is available, however, the problem still has not been solved.