Docs › Apps & Sync › Desktop OAuth sign-in
Desktop OAuth sign-in
Last updated May 14, 2026 · 3 min read
Desktop sign-in doesn't use an embedded browser or wedge an OAuth page into an app window — it hands off to your system default browser for OAuth, then pulls the token back into the desktop app and stores it via OS-level encryption.
🚧 Desktop app in development — this article is a preview; steps may be tweaked on launch.

Why the system browser
Unlike some apps that embed a browser for sign-in, Slima Desktop deliberately uses the "system browser OAuth" pattern. Three reasons:
- More secure: the sign-in page you see is the real Google page, or the real Slima-rendered page — not a Slima-wrapped shell. Harder to phish.
- OS integration: after sign-in, the token is encrypted with the operating system's secure storage before it's written to disk
- Smooth Single Sign-On: if your browser is already signed into Google, the desktop sign-in inherits that session — no password retyping
Full flow
- Hit "Sign in" in the desktop app
- Your default browser opens automatically
- The Slima sign-in page appears — sign in with Google one-click
- After sign-in, the browser shows a success message ("Login Successful! You can close this tab and return to Slima.")
- The desktop app picks up the token and shows the main UI
Usually 5–15 seconds end-to-end.
Where the token lives
After sign-in, the desktop app encrypts the token with Electron's safeStorage — which derives its key from the operating system's secure storage — and writes the encrypted file into the app's user-data directory.
When OS-level encryption isn't available, the app falls back to storing the token as a plain file so sign-in still works. On a machine with secure storage available, the token on disk is encrypted and can't be read directly.
Sign out
Desktop app → avatar → "Sign out":
- The encrypted token file is removed
- Returns to the sign-in screen
- Local cache stays (unless you also clear it)
Multiple accounts
For now, one desktop instance can only be signed into one Slima account at a time — to switch, sign out and sign in again.
Different OS users can each sign into different Slima accounts — tokens are bound to the OS user, no interference.