DocsApps & Sync › Desktop OAuth sign-in

Desktop OAuth sign-in

Last updated May 14, 2026 · 3 min read

Desktop sign-in doesn't use an embedded browser or wedge an OAuth page into an app window — it hands off to your system default browser for OAuth, then pulls the token back into the desktop app and stores it via OS-level encryption.

🚧 Desktop app in development — this article is a preview; steps may be tweaked on launch.

Slima home (desktop uses system browser OAuth + OS keychain to encrypt the token)

Why the system browser

Unlike some apps that embed a browser for sign-in, Slima Desktop deliberately uses the "system browser OAuth" pattern. Three reasons:

  • More secure: the sign-in page you see is the real Google page, or the real Slima-rendered page — not a Slima-wrapped shell. Harder to phish.
  • OS integration: after sign-in, the token is encrypted with the operating system's secure storage before it's written to disk
  • Smooth Single Sign-On: if your browser is already signed into Google, the desktop sign-in inherits that session — no password retyping

Full flow

  1. Hit "Sign in" in the desktop app
  2. Your default browser opens automatically
  3. The Slima sign-in page appears — sign in with Google one-click
  4. After sign-in, the browser shows a success message ("Login Successful! You can close this tab and return to Slima.")
  5. The desktop app picks up the token and shows the main UI

Usually 5–15 seconds end-to-end.

Where the token lives

After sign-in, the desktop app encrypts the token with Electron's safeStorage — which derives its key from the operating system's secure storage — and writes the encrypted file into the app's user-data directory.

When OS-level encryption isn't available, the app falls back to storing the token as a plain file so sign-in still works. On a machine with secure storage available, the token on disk is encrypted and can't be read directly.

Sign out

Desktop app → avatar → "Sign out":

  • The encrypted token file is removed
  • Returns to the sign-in screen
  • Local cache stays (unless you also clear it)

Multiple accounts

For now, one desktop instance can only be signed into one Slima account at a time — to switch, sign out and sign in again.

Different OS users can each sign into different Slima accounts — tokens are bound to the OS user, no interference.

Related

Was this helpful?