refactor(auth): move oauth client_id to server-side only

[caffeinum]

Summary

• Moves OAuth client_id configuration from desktop app to server-side API routes
• Desktop now opens /api/auth/github or /api/auth/google which redirects to OAuth provider with client_id
• No OAuth secrets baked into the Electron build anymore

Changes

• Add /api/auth/github and /api/auth/google routes in api app that redirect to OAuth providers
• Simplify desktop auth-service.ts to just open API URL instead of building full OAuth URL
• Remove GOOGLE_CLIENT_ID and GH_CLIENT_ID from electron build defines and env validation

New Flow

desktop → api.superset.sh/api/auth/github?state=xxx
       → github.com/login/oauth/authorize?client_id=xxx&...
       → app.superset.sh/api/auth/desktop/github?code=xxx
       → desktop deep link with tokens

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[saddlepaddle]

LOL clutch, thanks fam! Will review by tomorrow 👌🏼