Best Practices for Securely Storing JWT Tokens in an AvaloniaUI Desktop Application

[VietNT2011]

Hi everyone,

I’m currently working on an AvaloniaUI desktop application and need advice on the best practices for securely storing JWT tokens. Specifically:

What is the recommended way to store JWT tokens in AvaloniaUI applications to ensure security?

Any guidance, code examples, or references to best practices would be greatly appreciated.

Thank you! 🙏

[maxkatz6]

The easiest and (even more important) portable option would be to safe encoded file containing your key.
To do that, you can:

• Define a key for your app. Optionally - combine it with machine key, to make these files non-movable between machines.
• Use AES to encrypt your files
• When you need to read them, use AES to decrypt with the same keys
• (optionally) You can use Dpapi on WIndows and KeyChain on macOS, but that would require platform specific implementations

You also need to remember that no data on a user machine is fundamentally secret. Any key embedded in your application can be decompiled and used to read these files. That's typically okay for JWT tokens, though.