Authentication
Sign in to the z8 Timer desktop app
The z8 Timer uses secure OAuth authentication through your web browser. This means you sign in using the same credentials as the Z8 web app.
How Authentication Works
┌──────────────┐ 1. Click "Sign In" ┌──────────────┐
│ Desktop App │ ──────────────────────► │ Browser │
└──────────────┘ └──────────────┘
│
2. Enter credentials
│
▼
┌──────────────┐
│ Z8 Server │
└──────────────┘
│
3. Authenticate
│
┌──────────────┐ 4. Redirect with token │
│ Desktop App │ ◄───────────────────────────────┘
└──────────────┘ z8://auth/callback?token=...- You click "Sign in with Z8" in the desktop app
- Your default browser opens to the Z8 login page
- You enter your credentials (or use SSO if configured)
- After successful login, the browser redirects back to the desktop app
- The app receives your session token and you're logged in
Signing In
Configure your server URL first
Before signing in, you need to set your organization's Z8 webapp URL:
- Click the tray icon to open the app
- Click the Settings (gear) icon
- Enter your webapp URL (e.g.,
https://time.yourcompany.com) - Click Save
Click "Sign in with Z8"
On the login screen, click the sign-in button. Your default browser will open.
Authenticate in the browser
Enter your Z8 credentials or use your organization's SSO provider (Google, Microsoft, etc.)
Return to the desktop app
After successful login, click "Open Z8 Desktop" in the browser. The desktop app will receive your session.
Deep Link Protocol
The desktop app registers the z8:// protocol on your system. This allows the browser to redirect back to the app after authentication.
Session Management
Session Persistence
Your session is stored securely on your device:
- Token storage: Encrypted in your app data directory
- Automatic login: You stay signed in until you explicitly sign out
- Session expiry: Sessions expire based on your organization's settings
Signing Out
To sign out:
- Click the tray icon to open the app
- Click the Settings (gear) icon
- Click "Sign Out"
- Confirm the action
Offline Queue
Signing out will clear any pending offline time entries. Make sure you're online and synced before signing out.
Troubleshooting Authentication
Browser doesn't open
Cause: Default browser not configured or not responding
Solution:
- Ensure a default browser is set in your OS settings
- Try opening a URL manually to test
- Restart the desktop app
"Open Z8 Desktop" doesn't work
Cause: Deep link protocol not registered correctly
Solutions:
Windows:
- Reinstall the app to re-register the protocol
- Check Windows Registry:
HKEY_CLASSES_ROOT\z8
macOS:
- Run:
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump | grep z8 - If not found, reinstall the app
Linux:
- Check:
xdg-mime query default x-scheme-handler/z8 - Register manually:
xdg-mime default z8-timer.desktop x-scheme-handler/z8
"Invalid token" error
Cause: Token expired or server mismatch
Solution:
- Verify your webapp URL is correct in settings
- Try signing out and back in
- Check that the server is reachable
SSO not working
Cause: Organization SSO configuration
Solution:
- Ensure you can log in via the web app first
- Use the same browser for desktop app auth
- Contact your administrator if SSO fails consistently
Security
How your credentials are protected
- No passwords stored: The app never sees or stores your password
- Token-based: Only a session token is stored locally
- Secure storage: Tokens stored in OS-protected app data directory
- HTTPS only: All API communication uses encrypted connections
Token location
| Platform | Location |
|---|---|
| Windows | %APPDATA%\com.z8.timer\ |
| macOS | ~/Library/Application Support/com.z8.timer/ |
| Linux | ~/.config/com.z8.timer/ |
Revoking access
To revoke desktop app access from the server:
- Log in to the Z8 web app
- Go to Settings → Security → Sessions
- Find the desktop app session
- Click "Revoke"