I am writing a WPF desktop application. I use the Auth0 SDK to log in to my Auth0 domain and obtain an access token to my API and an ID token. I do so by calling:
LoginResult loginResult = await client.LoginAsync(extraParameters);
My loginResult.AccessToken and loginResult.IdentityToken contain my tokens as I expect.
Isn’t it possible for a hacker who obtains Admin access to my computer to see these tokens stored in RAM or, if persisted, in the disk cache? If so, can’t he use these tokens to access my APIs?
How does one prevent this from happening?