review interface for client secrets api
as part of b433c1ed, soledad is passed as a parameter for the client secrets api. in the review I objected that passing the whole soledad object to the initialization seems like a bad design to me, since it couples the secret api to an object with too much responsibility.
I'd like to examine a couple of options:
- using a zope.proxy for initializing/updating the token/credentials instead, that would solve the problem of accessing the token instead.
- if that's not desirable for some reason, the secrets/storage objects should not depend on a soledad instance, but we could try to limit what interface those objects expect (making soledad implement those interfaces). this should make the contract more explicit and allow for better testability.