I have a legacy desktop application that is usually deployed on the user's machine. It takes a username and a password and communicates with the cloud to get a JWT token which is stored in the registry. For the subsequent run, we check the JWT token and get the entitlement.
Since, AppStream 2.0 fleet is ephemeral, I am not sure if I save this way, the data will persist. Is there any safe way to persist this user-specific token in AppStream 2.0?
Yes, you should be able to persist the token in the registry. There is an AWS blog post that outlines the procedure of persisting the user-specific registry (i.e. "The tree of registry entries rooted at HKEY_CURRENT_USER"). [1]
You must enable Application Settings Persistence for this to work.
[1] https://aws.amazon.com/blogs/aws/amazon-appstream-2-0-new-application-settings-persistence-and-a-quick-launch-recap/ ("Application Settings Persistence")