I see you edited your comment, so I will respond to the new one as well.
Using online database or cloud for handling data (including webhook) is great plus for your project.
The client is not agreeing to this. It is not an option.
Understanding the nature of OAuth and refreshing ‘each’ merchant’s token on Square is must.
I do understand. Have built oAuth2 APIs in the past, but it was all for web. When it is not a web connected application, it gets a bit more complicated. At least in the concern that it is a first for me. I have done Unity development, I have done web development, but not with this. I do think we are going to need a webserver at some point, but due to client concerns currently, they said no.
I may can send you pseudocode for this issue but not the actual lines of coding.
I am good, but thank you. If I need extra assistance, I will contact you. Pseudocode is fine with me.
There is no reason to save each merchant’s access token (or refresh token) to your local DB at all.
There is only 1 merchant and will only be one merchant. They just have multiple terminals in a single location, with no webserver. Oh, and I think we are confusing ourselves. We are building the client application alongside the actual application, so I have full access to their account while we get it running. I am doing a mix of both setting up the code and setting it up for them. I am literally building their application on their computers through VPN. And since it is all localized, only their computers will store the keys for the apps.
If you have to, you can. Then every time your application from your merchant’s call to refresh merchant’s access token must be able to access your ‘local’ database (which does not make any sense at all). ======> this is your application’s problem.
I am not sure I follow. I can set info as .env variables, but I prefer to keep encrypted. The DBs are only hit on app startup. Really, no loss there. Once the date is hit, it passes in the data to the app, where it is stored until reboot.
Edit: I think you think that my app is being hit by theirs. It is all an internal thing, so the app its literally built into their system. This is not a webapp, it is an executable on each individual computer.
Make sure your application can access your online database to ‘refresh’ merchants access token on request.
Again an online DB is not an option. We had to convince them to install network cards on their PC’s just so they could interact with the Square API from the terminals.