Open
We need a CLIENT_SECRET, but we shouldn't store it in the ENV or a JSON file. We can use electron-store to write to a file with managed encryption.

Also, to motivate why we don't need the client secret a priori, I asked Claude AI to diagram an OAuth2 flow:
```mermaid
sequenceDiagram
    participant User
    participant Electron App
    participant Backend Server
    participant OAuth Provider
    User->>Electron App: Initiates login
    Note over Electron App: Generates code verifier<br/>and code challenge (PKCE)
    Electron App->>OAuth Provider: Authorization request with<br/>code challenge + client_id
    OAuth Provider->>User: Shows login page
    User->>OAuth Provider: Enters credentials
    OAuth Provider->>Electron App: Returns authorization code
    Electron App->>Backend Server: Sends auth code + code verifier
    Note over Backend Server: Stores client secret<br/>securely
    Backend Server->>OAuth Provider: Exchanges code + client secret<br/>+ code verifier for tokens
    OAuth Provider->>Backend Server: Returns access/refresh tokens
    Backend Server->>Electron App: Returns tokens
    Note over Electron App: Stores tokens securely<br/>in system keychain
    Electron App->>User: Login complete
```
So I think we need to figure out the PKCE bit to "do it right"? Or something? Maybe we can send the user to the login page without using the client secret and see what happens?