I would like to implement OAuth login for Imgur plugin. And it will need to store tokens somewhere. Plugin settings is obviously not an option, because it stores data in plain text inside of a vault. In Discord chat I was suggested to try LocalStorage, but with a caution that it won’t probably work in mobile version. While Imgur plugin does not target mobile platform, what is the most preferable place to store sensitive data? And if there is no such a place, it’s probably worth thinking about creating such an API for plugins.
Quoting snyk.io:
local storage should never be used for sensitive information such as passwords or personal information
PS One other thing which prevents me from implementing OAuth login is that I can not receive all the data coming to Obsidian protocol handler as part of a callback URL, see the detailed description here