0

I need to store a refresh token from OAuth securely, but I need it to be accessibly by my application for all users on the machine. From what I can tell node-keytar only supports credentials being stored on a per user account basis. Is there a way to securely store the refresh token?

For what it's worth, this is for an electron app.

CamHart
  • 3,825
  • 7
  • 33
  • 69
  • I have doubt it can be per-machine if you want secure vault provided by os. for example, if you see mac api node-keytar uses: https://developer.apple.com/documentation/security/1398366-seckeychainaddgenericpassword?language=objc it explicitly requires corresponding username, windows api also requires equivalent. You may require specific user for credentials, or have to secure your own way other than relying on os api, personally don't recommend though. – OJ Kwon Dec 28 '19 at 05:58
  • Looks like dpapi might be the solution for windows. Not sure about macos or linux yet. – CamHart Dec 28 '19 at 06:14

0 Answers0