For now I've mostly tried to follow the same style guide as the flutter
repository, with many options disabled. Eventually, maybe it would make
sense to be far stricter.
It's so awesome that I don't need to store the client secret with
GitLab. The GitHub APIs are so much easier to use + documentation, but
at least GitLab supports more OAuth methods.
This just models the basic API that we need for GitJournal. The API
isn't great and could use improvement.
Also, yes, I know I'm committing the secret key, but I don't see any
other way of managing this. GitHub doesn't allow the implicit oauth flow
or dynamic clients registration or anything. So there isn't really any
other way.
I've registered GitJournal as an app on Github and tried to get the
access_token within the app. This seems to work. Though, I need to
provide the client secret as well. It's quite sad that GitHub does not
even support the Implicit Grant auth type.
Credit: https://stackoverflow.com/questions/46196240/oauth2-flow-in-flutter-app
