dependent on #2546
setting up:
- when first setting up, before a pass phrase was chosen, unencrypted access tokens only go in session, not in permanent storage
- then during setup, once pass phrase is known, encrypt them with pass phrase. Can use a separate storage index like `google_token_renew_encrypted` (storage) and `google_token_access_plain` (session).
retrieving access token:
- check `google_token_access_plain` session storage, grab token from there if exists
- check legacy `google_token_access` local storage
- check legacy `google_token_renew` local storage
- attempt to decrypt `google_token_renew_encrypted` local storage if pass phrase present (else throw / show modal - this is a difficult point because this may actually be executed in the background? - gets complicated)
If it was not encrypted, encrypt it with the pass phrase and store
If pass phrase not present, show dialog
note - this is just a draft.
The actual security concern may be alleviated by implementing #2558 if implemented reliably, because while the user is logged in, attacker can retrieve another set of access tokens anyway (or just copy browser cookies). -> did not work
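
Added example, not part of the original issue or the project's code: a sketch of the drafted lookup order, run under Node.js. Assumptions: `Map` objects stand in for session and local storage, scrypt with AES-256-GCM is this example's cipher choice (the draft names none), deleting the legacy plaintext after migration is this example's choice, and all function names are hypothetical.

```javascript
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const session = new Map(); // stand-in for session storage (assumption)
const local = new Map();   // stand-in for permanent local storage (assumption)

// scrypt + AES-256-GCM are this example's choice; the draft names no cipher.
function encryptWithPassPhrase(plain, passPhrase) {
  const salt = randomBytes(16), iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', scryptSync(passPhrase, salt, 32), iv);
  const body = Buffer.concat([cipher.update(plain, 'utf8'), cipher.final()]);
  return [salt, iv, cipher.getAuthTag(), body].map(b => b.toString('base64')).join('.');
}

function decryptWithPassPhrase(blob, passPhrase) {
  const [salt, iv, tag, body] = blob.split('.').map(s => Buffer.from(s, 'base64'));
  const decipher = createDecipheriv('aes-256-gcm', scryptSync(passPhrase, salt, 32), iv);
  decipher.setAuthTag(tag);
  // final() throws if the pass phrase is wrong or the stored blob was modified
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Setup: without a pass phrase nothing is written to permanent storage.
function storeTokensDuringSetup(accessToken, renewToken, passPhrase) {
  session.set('google_token_access_plain', accessToken);
  if (passPhrase) local.set('google_token_renew_encrypted', encryptWithPassPhrase(renewToken, passPhrase));
}

// Retrieval in the draft's order. 'need_pass_phrase' tells the caller to show the dialog.
function retrieveToken(passPhrase) {
  if (session.has('google_token_access_plain')) {
    return { kind: 'access', token: session.get('google_token_access_plain') };
  }
  if (local.has('google_token_access')) return { kind: 'access', token: local.get('google_token_access') };
  const legacyRenew = local.get('google_token_renew');
  if (legacyRenew !== undefined) {
    if (passPhrase) { // legacy plaintext: encrypt and store, then drop the plaintext copy
      local.set('google_token_renew_encrypted', encryptWithPassPhrase(legacyRenew, passPhrase));
      local.delete('google_token_renew');
    }
    return { kind: 'renew', token: legacyRenew };
  }
  const blob = local.get('google_token_renew_encrypted');
  if (blob === undefined) return { kind: 'none' };
  if (!passPhrase) return { kind: 'need_pass_phrase' };
  return { kind: 'renew', token: decryptWithPassPhrase(blob, passPhrase) };
}
```

The `need_pass_phrase` result is the point the draft flags as difficult: a background caller gets a value it can act on later instead of an exception or a modal.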