I have a use case where the user logs in to the cloud server using phone SMS OTP (will use JWT). Multiple people will be using the same computer the same day. So I don't want to send the SMS OTP each time a user wants to log in. I am thinking of using a PIN for a locking mechanism for each user. This PIN will be stored in a local sqlite database (with hashing). Each time a user wants to unlock and get access to the software, he has to enter the PIN. So JWT tokens of multiple users will be stored at the same time in the browser, but only the JWT token of the 'unlocked' user will be sent to the server. Is this possible? Are there any security risks? Later I want to make a desktop app from this web app using ElectronJS. Is there anything important I should consider in this case?
I have not started implementing this yet, but would like to know about the security implications first.
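
Added example, not part of the original post: one way the hashed PIN table described in the question could be enrolled and checked, using a per-user salt, a slow KDF and an attempt limit, since a short PIN is cheap to guess against a fast hash. The `Map` standing in for the SQLite table, the scrypt parameters, the PIN policy, the attempt limit and all function names are assumptions.

```javascript
const crypto = require('node:crypto');

// Hypothetical stand-in for the local SQLite table: userId -> PIN record.
const pinTable = new Map();

const MAX_ATTEMPTS = 5;                      // assumed lockout threshold
const SCRYPT = { N: 16384, r: 8, p: 1 };     // assumed cost parameters

// Derive a 32-byte verifier from the PIN with a memory-hard KDF.
function hashPin(pin, salt) {
  return crypto.scryptSync(String(pin), salt, 32, SCRYPT);
}

// Store salt + verifier only; the PIN itself is never written.
function enrollPin(userId, pin) {
  if (!/^\d{6,}$/.test(pin)) {               // assumed policy: 6+ digits
    throw new Error('PIN must be at least 6 digits');
  }
  const salt = crypto.randomBytes(16);       // unique per user
  pinTable.set(userId, { salt, hash: hashPin(pin, salt), failures: 0 });
}

// Returns 'unlocked', 'denied', 'locked' or 'unknown-user'.
// 'locked' means the caller should fall back to the SMS OTP login.
function unlock(userId, pin) {
  const row = pinTable.get(userId);
  if (!row) return 'unknown-user';
  if (row.failures >= MAX_ATTEMPTS) return 'locked';

  // Constant-time comparison of two equal-length buffers.
  const ok = crypto.timingSafeEqual(hashPin(pin, row.salt), row.hash);
  row.failures = ok ? 0 : row.failures + 1;
  return ok ? 'unlocked' : 'denied';
}

// Constructed sample run.
enrollPin('alice', '493817');
console.log(unlock('alice', '493817'));
console.log(unlock('alice', '000000'));
```

Only the token of the user for whom `unlock` returns `'unlocked'` would be attached to requests; after `'locked'` the correct PIN is no longer accepted until the user logs in again by OTP.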