Add better Oauth2 mechanism #12
Description
Currently we just use the client credentials flow for logging in, storing the client id/secret in the system keyring. this works well enough but setup is relatively complicated for users (need to create an app per user with CSCS and get the keys).
It would be nice to use a more user friendly flow.
I tried device code flow before, but that only gives an access token that lives for 5 minutes, so a user would have to re-log every 5 minutes.
PKCE might work in getting a refresh token which we can store in the keyring, so we should try that. It just means running a local webserver that the auth can be redirected to. Or check if there's some other flow that's better suited and gives a refresh token?