Add possibility to store Evernote authentication tokens in plain text, without the system keychain

Question

Add possibility to store Evernote authentication tokens in plain text, without the system keychain

Closed this issue 4 years ago · 0 comments

Several issues with Quentier were reported in which libquentier couldn't communicate with the system keychain. Qtkeychain library used by libquentier depends on either gnome keyring or Kwallet which are expected to be installed on the target system but they might not be installed in case the user uses AppImage packaged app, for example.

Authentication token is principally the secret which in theory shouldn't be stored in plain text because of security and yada-yada. But in reality Nixnote, for example, has never bothered to store the token securely. So it doesn't seem like a big crime really.

Perhaps I could introduce two options here:

Try to use system keychain for auth token storage and retrieval by default or not. I remember that macOS keychain was kinda annoying as it prompted me for passwords several times during a single sync so maybe from UX POV on that platform it would make sense to avoid using the keychain by default.
Allow insecure fallback if writing/reading the token to/from the system keychain fails for some reason (for example, due to missing backend)