Desktop OAuth sign-in
Desktop sign-in doesn't use an embedded browser or wedge an OAuth page into an app window — it hands off to your system default browser for OAuth, then pulls the token back into the desktop app and stores it via OS-level encryption.
🚧 Desktop app in development — this article is a preview; steps may be tweaked on launch.

Why the system browser
Unlike some apps that embed a browser for sign-in, Slima Desktop deliberately uses the "system browser OAuth" pattern. Three reasons:
- More secure: the sign-in page you see is the real Google / GitHub page, or the real Slima-rendered page — not a Slima-wrapped shell. Harder to phish.
- OS integration: after sign-in, the token is stored using OS-level encryption (not a plaintext file)
- Smooth Single Sign-On: if your browser is already signed into Google, the desktop sign-in inherits that session — no password retyping
Full flow
- Hit "Sign in" in the desktop app
- Your default browser opens automatically
- The Slima sign-in page appears — pick Google / GitHub one-click or email + password
- After sign-in, the browser shows "Signed in, you can close this page"
- The desktop app picks up the token and shows the main UI
Usually 5–15 seconds end-to-end.
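The desktop side of a system-browser flow like the one above, as an added example that is not Slima's code. It assumes a loopback redirect with PKCE and a `state` value (the RFC 8252 pattern for native apps), which the page does not confirm; the endpoint URL, client id and port are placeholders.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed placeholders: the page does not give Slima's endpoint or client id.
AUTHORIZE_URL = "https://auth.example.invalid/oauth/authorize"
CLIENT_ID = "desktop-client-placeholder"


def new_pkce_pair():
    """Return (verifier, S256 challenge) as defined by RFC 7636."""
    verifier = secrets.token_urlsafe(48)  # 64 chars, within the 43-128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def start_sign_in(loopback_port):
    """Build the URL handed to the default browser plus the state kept in memory."""
    verifier, challenge = new_pkce_pair()
    session = {
        "state": secrets.token_urlsafe(32),
        "verifier": verifier,
        "redirect_uri": f"http://127.0.0.1:{loopback_port}/callback",
    }
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": session["redirect_uri"],
        "state": session["state"],
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_URL}?{query}", session


def handle_callback(callback_url, session):
    """Validate the browser's redirect; return the code or raise ValueError."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Constant-time compare; a mismatch means this redirect is not ours.
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]
```

The app would send the returned code together with `session["verifier"]` when exchanging it for a token, so a code intercepted on the local machine is useless without the verifier held in the app's memory.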
Where the token lives
Encrypted in the OS-level keychain (not a plaintext file):
| OS | Keychain |
|---|---|
| macOS | Keychain |
| Windows | Windows Credential Locker |
| Linux | libsecret / gnome-keyring |
Never stored in plaintext on disk — even with disk access, the token can't be read.
Sign out
Desktop app → avatar → "Sign out":
- Token is cleared from the keychain
- Returns to the sign-in screen
- Local cache stays (unless you also clear it)
Multiple accounts
For now, one desktop instance can only be signed into one Slima account at a time — to switch, sign out and sign in again.
Different OS users can each sign into different Slima accounts — tokens are bound to the OS user, no interference.