I’m making an MMORPG game. The user will log in to servers via OAuth2 and store the received access tokens so they can be easily reused, and not recreated every time.
The problem is, how can I securely store such tokens? On Android, I could just save to a file in user:/ and it would be kept secure, but on Linux and Windows the data could be easily fetched by a malicious script because they are accessed per user, not per app.
Encrypting the file is not a solution – the script could just decode it. Even worse, I plan to make the client open-source, so the encryption key would be very easy to get.