You're viewing the mstdn.social public feed.
  • Jul 2, 2026, 7:37 AM

    @mjg59 ooh nice write up, thanks.

    Those are all (by design) browser session based. Do you know of anything that would be appropriate to use in a CLI I am responsible for? The workflow is often a short burst of requests (3-10?) then nothing for hours or days.

    On-device malware is what I’m trying to defend against, and the current approach I am going for is to store our bearer token in the system keychain, which at least on macOS means malware testing to access it would show the user a password prompt. But we know that is imperfect protection.


Replies

  • Jul 2, 2026, 7:48 AM

    @mjg59 👍🏻 We issue ourselves (Auth0 for user login, but it was prohibitively expensive to use Auth0 for everything).

    Of course it remains to be seen how easy it will be to plumb mTLS through the entire stack.
