I’m currently implementing a Python client for remoteStorage and intend to use it in a desktop app. This leads to the following question: Besides implicit-grant, are there any other flows the server has to support?
I’m asking because currently I let the server redirect to a URL like this:
and tell the user to copypaste the site content back into my app. Hosting an actual redirect endpoint on an actual server seems like an unnecessary security risk, should the server get hacked.