How to implement automatic authorization?

There is a server written in php with a database. It is required to write a client to this server (desktop). Actually, the implementation of the client itself in C # wpf, communication with the server is carried out through POST / GET requests.
In the client, you need to log in with the automatic login function, that is, the next time you start the application, so that the login and password are not requested at all, and the application is immediately ready to work following the example of Steam and other things) How can this be implemented with a more or less proper level of protection. Is it correct to store the login and password after entering it and just send it to the server all the time when logging in.
How to get the necessary information from the server after authorization? do you need to implement something like a session, send a token to the client and then send all requests with it? But if the token is intercepted, then they will get full access.
Tell me where you can read about authorization and storage of login passwords and access by token or other methods.
I myself understand this for a couple of days, do not judge strictly. Thanks to all