Looking for some System Design input
Out current plan is to build a system that includes a Client and a Local Server both running on the users machine, and an API Server that both speak to (Client Read Only). The API Server will also need to update user metadata for the current user of a given request.
I would include a diagram but I seem unable to embed or link it.
My current understanding is that the Client and Local Server need to be ‘Applications’, and the Local Server and API Server need to be ‘APIs’ so that I can issue an access token with them as the audience. Since the client and local server are running on the client machine, I don’t think I can use a Client Secret, so both will need to do a PKCE login flow on start-up to be issued their tokens.
As a result of this, the Client needs to be able to run it’s own localhost server to receive the PKCE callback, and the client login requires two consent dialogs for the two required access tokens. My question is whether there is any way to avoid either the multiple consent dialogs, and the Client needing to run it’s own server, if possible maintaining the components of the design (Client, Local Server, API Server), or otherwise with a completely different direction?
Any input would be greatly appreciated.