If i have a desktop app - and the user log’s in using username / password - I am currently using Auth0-java.
As mentioned in the docs, it says the access token after a successful log is …“useful for securing an API, but not for authenticating a user”.
Inotherwords, should this access token not be stored as a means to evidence successful login, and to keep the user “logged in” i.e. for 30 days? If not, for a desktop app, what is then recommended?