fix(auth): Support 2FA via browser window auth

[bmulholland]

I'm working to remove the usage of electron remote, and Auth windows are the last one. They open the auth in a new window. Since Github has started enforcing 2FA for almost everyone, the electron-window auth approach isn't functional for most. It therefore doesn't make sense to spend work maintaining the existing broken auth; instead, we can switch to a new one.

This change moves auth to open in the default browser. When Auth is done, it will redirect to gitify://oauth-callback, which the app will register and monitor, finishing the auth process when it's done.

At this point, I've got an initial approach started, but there's still lots to do. Help is welcomed.

There are several pieces left:

• Fix the start of the auth process
  • Allow the gitify://oauth-callback redirect in the Github app settings -- do we have access to that?
  • Fix the initialization of it -- all the types etc are broken, and the browser probably doesn't even open
• Catch and handle the completion of the auth
  • Communicate the auth from the main process to the App context, which started the Auth
  • Error handling
• Testing
  • Figure out automated testing approach, if possible
  • Manually test
• Documentation
  • Per Which Authorization callback URL should be used when setting up a new OAuth app? #395, document the changed redirect URI

Fixes #561
Fixes #650
Fixes #429
Fixes #485
Closes #395

[bmulholland]

Current dependencies on/for this PR:

• main
  • PR fix(deps): update dependency axios to v1 #613
    • PR chore(electron): Move off deprecated remote module #649
      • PR chore(refactor): Simplify window re-open #651
        • PR chore: Replace remote for hiding window #652
          • PR chore: Replace remote for setting auto-open pref #653
            • PR fix(auth): Support 2FA via browser window auth #654 👈

This comment was auto-generated by Graphite.

[bmulholland]

@afonsojramos do you have access to the Github App to add the redirect URI?

[afonsojramos]

@bmulholland can't we keep using the existing gitify.io/callback redirect URI? Why do we need a new one?

[bmulholland]

@afonsojramos We need a way to get the information in the URL at the end of authentication to the app. Currently, this is done by controlling the browser itself, waiting until there's a redirect, and intercepting that event. If we open auth in an external browser, there isn't a way to monitor the event and intercept the page when auth is completed.

Using a custom protocol is the usual way to get that data from the browser to an app, in lieu of intercepting events like that. So this is the standard approach.

If we wanted to avoid adding a new redirect URI to the Github App, if we control gitify.io, we could perhaps add a redirect from that callback URI to our custom protocol, which would complete this flow. However, that wouldn't fix #429, and is also a genuine security hole: anyone with access to gitify.io could probably MITM the callback and get access to quite a lot of data.