Native ASWebAuthenticationSession for the OAuth flow with PKCE (SHA-256 challenge). Refresh tokens are stored in macOS Keychain (kSecAttrAccessibleWhenUnlocked), access tokens are never persisted — refreshed on demand. No custom WebView, no embedded browser, no token stored in UserDefaults or on disk. The only things in UserDefaults are the account email list and display names.
curious how you handle the google calendar API auth flow. did you go with the native aswebauthenticationsession or store tokens in keychain
Native ASWebAuthenticationSession for the OAuth flow with PKCE (SHA-256 challenge). Refresh tokens are stored in macOS Keychain (kSecAttrAccessibleWhenUnlocked), access tokens are never persisted — refreshed on demand. No custom WebView, no embedded browser, no token stored in UserDefaults or on disk. The only things in UserDefaults are the account email list and display names.
[dead]