I appreciate the quick reply!
I honestly got the notion that it was just bad practice to store it on your personal computer, to be honest. So it should be fine so long as noone else has access to my computer?
And as I stated before, I am making this bot for another person, who happens to live in another state. I’ve already used my own account to test that the code I’ve written works and pulls the information down correctly. At least for the integration that I want to put in now. I used localhost as the redirect url when doing this.
So the only issue would be setting up the server/publicly reachable website to have him authorize the bot, correct? This including some kind of database to house the tokens that the bot, and nobody else, should have access to? If this is what I need to do, would you happen to have any recommendations on guides or websites or such that could lead me in the right direction for doing that?
Also, just as a secondary thing, he does have a second tower at his home and has already stated he wouldn’t mind running it on that. Would this be an easier option? Give him the code, without any of the sensitive information, and walk him through filling out what he needs to and then walking him through the entire localhost token retrieving? And then from there, if coded correctly, it should be able to automatically refresh? Further, we’ve created an account just to act as the bot, would they still need to register it if it was already registered under that account? Or just need access to that account to get the Client-ID and such?
Lastly, I’m still slightly confused about the client secret. I thought I had grasped it, but I’m still unsure as to if it is something given to us or something that we create. If you could shed some further light on that regard as well, I would be very thankful.
Thanks for your time.