Tauri (or Electron) auth advice
I'd like to get opinions about auth (using better-auth).
If there is no option to use a cookie session, would you say that storing a JWT (instead of a cookie) in local storage is safe or unsafe?
I spent a lot of time reading articles and digging into this with ChatGPT and Claude, but so far I have gotten only vague solutions.
It's said that keeping a JWT in local storage is prone to XSS, yet I have seen countless applications that do that, like nobody cares.
Using secured or encrypted storage (in React Native, Electron, etc.) makes no difference against XSS because the token is as available as it is from local storage.
So, assuming cookie based auth is not possible, what way would you go and why?
I'm trying to set up auth in a Tauri application.
Cookies are not possible because the user logs in with Google in a default browser tab and then the application is opened with a deep link; it's not possible to pass cookies, only search params.
0 Replies