Instances

An "instance" is a reference to the directory that stores the data generated by Caido's installation and usage.

This abstraction allows you to manage multiple, separate installations of Caido on a single device.

Local Instances

Additional local instances can be created using either the Caido CLI or desktop application by changing the data storage location.

Remote Instances

Additional instances can also be created for remote installations of the Caido CLI via the launch window of the desktop application.

Specifying a new remote instance.

Authentication

Because Caido is built around a client/server architecture, each instance requires access control: the client (desktop or web application GUI) must authenticate to the server (Caido CLI), which ensures the instance is only accessible to you.

Client/server architecture.

Authentication in Caido is based on OAuth 2.0. Every instance that is created registers with our cloud service and obtains a client ID and secret. On initial login to the instance using your account credentials, you claim the instance's client ID.

OAuth Grants Used by Caido

  • Client Credentials: This grant is used to obtain an access token that authenticates the instance with the cloud.
  • Device Authorization: This grant is used to obtain access and refresh tokens to authenticate users. Unlike most other grants, it eliminates the browser redirect.
  • Refresh Token: This grant is used to refresh user access tokens without requiring re-authentication.

NOTE

At this moment, we do not make any guarantees on the lifetime of the tokens.

Authenticate user flow.
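
An added example, not Caido's own code: the client side of the Device Authorization grant (RFC 8628), polling an in-process stand-in for the authorization server so it runs offline. `FakeAuthServer`, `device_login`, the verification URL and all token values are constructed for illustration; Caido's real endpoints and polling parameters are not given on this page.

```python
import time

class FakeAuthServer:
    """Constructed in-process stand-in for an RFC 8628 authorization server."""
    def __init__(self, approve_after_polls, slow_down_on=()):
        self.polls = 0
        self.approve_after = approve_after_polls
        self.slow_down_on = set(slow_down_on)

    def device_authorization(self, client_id):
        return {"device_code": "dev-CONSTRUCTED", "user_code": "ABCD-EFGH",
                "verification_uri": "https://auth.example.invalid/device",
                "expires_in": 60, "interval": 5}

    def token(self, client_id, device_code):
        self.polls += 1
        if self.polls in self.slow_down_on:
            return {"error": "slow_down"}
        if self.polls <= self.approve_after:
            return {"error": "authorization_pending"}
        return {"access_token": "at-CONSTRUCTED",
                "refresh_token": "rt-CONSTRUCTED", "token_type": "Bearer"}

def device_login(server, client_id, sleep=time.sleep, clock=time.monotonic):
    """Run the device flow; return (tokens, waits used between polls)."""
    grant = server.device_authorization(client_id)
    # The user opens verification_uri on any device and enters user_code;
    # nothing is redirected back to this client, it only polls.
    interval = grant.get("interval", 5)    # RFC 8628 default: 5 seconds
    deadline = clock() + grant["expires_in"]
    waits = []
    while clock() < deadline:
        sleep(interval)
        waits.append(interval)
        resp = server.token(client_id, grant["device_code"])
        err = resp.get("error")
        if err is None:
            return resp, waits             # access + refresh tokens issued
        if err == "slow_down":
            interval += 5                  # RFC 8628 section 3.5: back off by 5 s
        elif err != "authorization_pending":
            raise PermissionError(err)     # access_denied, expired_token, ...
    raise TimeoutError("device code expired before the user approved")
```

Passing `sleep` and `clock` as parameters lets the polling logic be exercised with a simulated clock instead of real waits.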

Secrets Storage

  • The client secret and instance access token are both encrypted and stored in the secrets.db database in the instance data directory on disk.
  • User access and refresh tokens are stored in the client's local storage. These tokens are never stored on the instance, but can be present in memory.