Implement desktop application OAuth flow [feature request]
JakubVanek opened this issue · 1 comments
JakubVanek commented
https://developers.google.com/identity/protocols/oauth2/native-app
This already works if one configures it manually, but there are things that could be better:
- Implement "Proof Key for Code Exchange" support to improve security
- Add "headfull"/"headless" checkbox to Companion
- Add instruction messages for headless/non-localhost servers
JakubVanek commented
It is unlikely that we'll be able to deploy a shared "desktop" app credentials (see https://stackoverflow.com/a/28109307 for now, googleapis/google-auth-library-nodejs#959 perhaps later). Therefore we can somewhat count on client_secret being a real secret as each user will have to create their own GoogleAPI app. Adding PKCE would have no benefit in that case (its secret would be stored right next to the client secret). Given that it adds some complexity to the initialization procedure, let's close this for now.