Is it impossible to do an open-source CLI tool that connects to an OAuth2 API without either exposing the app key or hosting a service just to do key exchange stuff?
1
Replying to @jakerobinson
Generally yes. You could ask the user to get their own API keys though. You could also register the app as a "public client" so that you never get a secret, then it's okay to put the client_id in the app. (Only some APIs let you do this tho)

Dec 10, 2018 · 5:27 PM UTC

1
1
Replying to @aaronpk
The best I’ve come up with is to do an AWS Lambda function to host the app key and do the handshake.