I've lately seen issues with Google claiming that the app of the
browser is not secure. As such it is safer to just use a real
web browser. It also means we can get rid of the awful webengine
dependency in KGAPI.

AS of now, the AuthJob will simply launch a browser, wait for user
to click through the authentication there and wait for the tokens
to be sent by the browser via a socket. Implementations are encouraged
to not launch the AuthJob silently as that might confuse users as to
what is happening, but instead do so upon a user action.