Rethinking storing credentials

[dubeyKartikay]

I'm trying to build a TUI that would use go-librespot to actually play the songs.

When i was tring to figure out how to pass credentials from my TUI to go-librespot i noticed the project stores the credentials in a plain json file.
Furthermore, we have an option in the config file use uses plain txt access token for auth.

I feel like this is a security risk

we should try storing the creds in the OS keyring before falling back to storing them in a file.

I would be willing to work on this if the maintainers are alligned

What do you guys think?

[devgianlu]

I feel like this is an edge case. Most deployments of go-librespot will happen on headless devices where there is no keyring available.

Nonetheless, this could be a nice addition for those that use go-librespot on desktop systems.

Please note that the access token in the config should be removed after doing the first authentication (don't remember if this is documented anywhere).