Improve OAuth flow for remote server installations #181

@josteins

Description:

When using gog auth add --manual on a remote server (accessed via SSH), the OAuth authorization flow is challenging because:

  1. Each invocation generates a new state parameter
  2. Authorization codes expire quickly (within minutes)
  3. If the redirect URL isn't pasted immediately, a state mismatch occurs
  4. There's no way to reuse an authorization code with its original state

Current Behavior:

    ssh remote-server "gog auth add user@example.com --services gmail --manual"
    # Outputs authorization URL with state=ABC123
    # User authorizes in browser, gets redirect with state=ABC123&code=XYZ
    # But if this takes too long or the command is re-run, state changes
    # Result: "state mismatch" error

Suggested Improvements:

  1. Persist state parameter: Save the state to a temp file so it can be reused if the command is re-run within a short time window

  2. Accept authorization code directly: Add a flag like --auth-code to bypass the state check:

    gog auth add user@example.com --auth-code "4/0ASc3..."

  3. Longer timeout: Increase the wait time for manual paste, or add a flag for custom timeout

  4. SSH-friendly mode: Add a flag like --remote that:

    • Generates the auth URL
    • Saves state persistently
    • Allows paste from a separate command invocation
    • Example:
      gog auth add user@example.com --remote --step 1  # outputs URL, saves state
      # User authorizes...
      gog auth add user@example.com --remote --step 2 --url "http://localhost:1/..."

Use Case:
This is particularly important for:

  • Automated deployments
  • Server environments where interactive SSH is difficult
  • CI/CD pipelines
  • Remote server management through SSH proxies

Workaround:
Currently requires an interactive SSH session with the -t flag and quick copy-paste of the redirect URL.

Environment:

  • gog version: v0.9.0
  • OS: Ubuntu Linux (remote server)
  • Access method: SSH

Would love to see this improved for remote server deployments!
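
Added example, not part of the issue and not gog's code: a sketch of how a two-step flow like the proposed `--remote --step 1` / `--step 2` could persist the state between invocations while keeping the state check, which is what binds the pasted redirect URL to the invocation that issued the authorization URL. The function names, the pending-file path argument and the 600-second window are assumptions made for illustration.

```python
import hmac
import json
import os
import secrets
import time
from urllib.parse import parse_qs, urlparse

STATE_TTL_SECONDS = 600  # assumed validity window for a pending flow


def begin_auth(path, account, now=None):
    """Step 1: mint a fresh state, persist it owner-only, return it for the auth URL."""
    now = time.time() if now is None else now
    record = {"account": account,
              "state": secrets.token_urlsafe(32),
              "expires": now + STATE_TTL_SECONDS}
    try:
        os.unlink(path)  # a re-run replaces any earlier pending flow
    except FileNotFoundError:
        pass
    # O_EXCL refuses to write through a pre-planted file or symlink; mode 0600
    # keeps the state away from other local users on a shared server.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(record, fh)
    return record["state"]


def finish_auth(path, account, redirect_url, now=None):
    """Step 2: check the pasted redirect URL against the saved state, return the code."""
    now = time.time() if now is None else now
    with open(path) as fh:
        record = json.load(fh)
    os.unlink(path)  # single use: consumed whether or not the checks pass
    query = parse_qs(urlparse(redirect_url).query)
    state = query.get("state", [""])[0]
    code = query.get("code", [""])[0]
    if record["account"] != account:
        raise ValueError("pending flow belongs to a different account")
    if now > record["expires"]:
        raise ValueError("saved state expired; start again from step 1")
    if not hmac.compare_digest(state.encode(), record["state"].encode()):
        raise ValueError("state mismatch")
    if not code:
        raise ValueError("redirect URL carries no authorization code")
    return code
```

The saved record is deleted on the first step-2 attempt, so a redirect URL that leaks into shell history or logs cannot be replayed against the same pending flow.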
