If you are authenticating a viewer you do not need to use oAuth
see requestIdShare instead - Extensions Reference | Twitch Developers
If you are needing to get a token from the broadcaster for scopes other than the subscriber read scope then you will need an oAuth flow yes, but you’d probably want the code flow not the implict flow so you can get a refreshable token.
See send extension pubsub message - Reference | Twitch Developers
And to listen in the front end - Extensions Reference | Twitch Developers
Depending on what you might doing you might use the helper send function but I imagine most of your messaging will come from your EBS/Server.
So yes Twitch provides a messaging service but you can use your own messaging service.
You can also use the config service to store configuation data
Technically yes.
Please refer to the Channel Points Acceptable Use Policy to ensure you are compliant - Twitch.tv - Channel Points Acceptable Use Policy
Channel Points would require a server/backend in order to consume the chnanel points usage event.
This is generally not good practice since if a user is behind a firewall that only allows SSL traffic on the SSL point you’ll run into issues. Let along Removed as misread your usecaselocalhost to me is my computer not yours.
Sure you can have the streamer install software on their computer for an extension, but then that software can’t talk to the Twitch API to send extension pubsub messaging as you’d leak your Extension Secret.
And if you want to use channel points, you’ll need a server in order to consume the events via eventsub. (yeah your desktop app could connect to EventSub Websockets to consume but then you can’t talk to your extension)
So you’ll want an EBS/External Server to start with, in my opinion.