Oauth is terrible desktop/mobile UX, and it doesn't provide any real security. A genuinely malicious application can spin up a webview under its control -- or do almost anything else it likes with your account.
As long as passwords are stored in the system's secure keychain, using passwords is not just OK -- it's the right desktop/mobile UX.
The only time OAuth makes sense is on the web, where by the very nature of the web's design, user's passwords would be provided to unrelated 3rd party servers outside the user's control.
Please STOP inflicting OAuth on non-web platform's users.
As long as passwords are stored in the system's secure keychain, using passwords is not just OK -- it's the right desktop/mobile UX.
The only time OAuth makes sense is on the web, where by the very nature of the web's design, user's passwords would be provided to unrelated 3rd party servers outside the user's control.
Please STOP inflicting OAuth on non-web platform's users.