Implement certificate pinning in the desktop application to harden it against man-in-the-middle (MITM) attack scenarios. Right now you can easily intercept the traffic with an intercepting proxy.
A similar solution to implement:
Store a certificate fingerprint in addition to the URI in the vault.
Compare both the certificate details the webpage presents and the URI.
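
A sketch of the check proposed above, added here as an example and not taken from the application's code. It assumes a Node.js-based client and a vault entry of the hypothetical shape `{ uri, certSha256 }`; `pinCheck`, `fingerprint` and `normalizePin` are illustrative names, and the certificate bytes are constructed stand-ins.

```javascript
const crypto = require('node:crypto');

// SHA-256 over the DER-encoded certificate, as lowercase hex.
function fingerprint(der) {
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Accept "AB:CD:..." or "abcd..." forms of a stored fingerprint.
function normalizePin(pin) {
  return pin.replace(/[:\s]/g, '').toLowerCase();
}

// Build a check for one vault entry { uri, certSha256 } (hypothetical shape).
// The returned function has the signature of the checkServerIdentity option
// of tls.connect(): return an Error to reject, undefined to accept.
// Supplying that option replaces Node's default hostname verification, so a
// real client should also call tls.checkServerIdentity(hostname, cert).
function pinCheck(vaultEntry) {
  const expectedHost = new URL(vaultEntry.uri).hostname;
  const expectedPin = Buffer.from(normalizePin(vaultEntry.certSha256), 'hex');
  return function checkServerIdentity(hostname, cert) {
    if (hostname.toLowerCase() !== expectedHost) {
      return new Error(`host mismatch: ${hostname}`);
    }
    if (!cert || !Buffer.isBuffer(cert.raw)) {
      return new Error('no certificate presented');
    }
    const actual = Buffer.from(fingerprint(cert.raw), 'hex');
    // Length check first: timingSafeEqual throws on unequal lengths.
    if (actual.length !== expectedPin.length ||
        !crypto.timingSafeEqual(actual, expectedPin)) {
      return new Error('certificate fingerprint mismatch');
    }
    return undefined;
  };
}

// Constructed sample data: these bytes stand in for DER certificates.
const serverCert = { raw: Buffer.from('constructed-server-certificate') };
const proxyCert = { raw: Buffer.from('constructed-proxy-certificate') };
const entry = {
  uri: 'https://vault.example.test/login',
  certSha256: fingerprint(serverCert.raw).toUpperCase().match(/../g).join(':'),
};
const check = pinCheck(entry);
for (const c of [serverCert, proxyCert]) {
  const err = check('vault.example.test', c);
  console.log(err ? `rejected: ${err.message}` : 'accepted');
}
```

A pin on the leaf certificate breaks when the server rotates its certificate, so the stored fingerprint needs an update path.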