fix(oauth): use dynamic HA instance URL for redirect_uri (closes #19) #37

Open
daboynb wants to merge 1 commit into Connectlife-LLC:main from daboynb:fix/oauth-dynamic-redirect-uri

@daboynb daboynb commented May 22, 2026

Summary

Replace the hardcoded OAuth redirect URL with a runtime-computed value based on the actual Home Assistant instance URL.

Currently oauth2.py:17 hardcodes:

OAUTH2_CALLBACK_URL = "http://homeassistant.local:8123/auth/external/callback"

homeassistant.local only resolves on HAOS via mDNS. On HA Container, HAOS without mDNS, or instances behind a reverse proxy / Tailscale Funnel the OAuth setup flow lands on a callback URL the browser can't reach (DNS_PROBE_POSSIBLE / 404). Users currently work around it by manually pinning homeassistant.local in /etc/hosts on the OAuth-initiating client.

This PR derives the redirect from homeassistant.helpers.network.get_url(), the upstream-recommended way to obtain the HA instance URL with proper internal/external precedence. Falls back to the previous hardcoded value only if get_url() raises NoURLAvailableError (e.g. very early in startup).

Closes

Compatibility test (existing tokens)

The Hisense OAuth backend was tested live against https://oauth.hijuconn.com/oauth/token with an existing user's refresh_token (issued previously with the hardcoded homeassistant.local redirect_uri), to verify the change does not break already-authenticated users:

| grant_type=refresh_token request | HTTP | Result |
| --- | --- | --- |
| with original redirect_uri=http://homeassistant.local:8123/... | 200 | new tokens |
| without redirect_uri | 200 | new tokens |
| with different redirect_uri (http://192.168.1.4:8123/...) | 200 | new tokens |

Additionally, after a successful refresh the original refresh_token remained valid on subsequent calls (server is not single-use), so existing installations whose tokens were issued under the old hardcoded URL keep working as redirect_uri changes value across refreshes — the Hisense backend does not enforce a match against the authorize-time URL on the refresh grant.

Diff

-OAUTH2_CALLBACK_URL = "http://homeassistant.local:8123/auth/external/callback"
+OAUTH2_CALLBACK_PATH = "/auth/external/callback"
+OAUTH2_CALLBACK_URL_FALLBACK = f"http://homeassistant.local:8123{OAUTH2_CALLBACK_PATH}"

 @property
 def redirect_uri(self) -> str:
-    """Return the redirect uri."""
-    return OAUTH2_CALLBACK_URL
+    """Return the redirect uri based on the actual HA instance URL."""
+    try:
+        base = get_url(self.hass, prefer_external=False, allow_internal=True)
+    except NoURLAvailableError:
+        return OAUTH2_CALLBACK_URL_FALLBACK
+    return f"{base}{OAUTH2_CALLBACK_PATH}"
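
Review bot: the new redirect_uri property recomputes its value on every access, so within one authorization-code flow the authorize request and the later code exchange can carry different URLs: if get_url() raises NoURLAvailableError on the first access, OAUTH2_CALLBACK_URL_FALLBACK is sent, and a later access returns the get_url() base instead. The compatibility table only covers grant_type=refresh_token, so it does not show whether the backend tolerates a mismatch on the code exchange; consider resolving the value once when the flow starts and reusing it. Separately, prefer_external=False asks for the internal URL first, which for the reverse proxy / Tailscale Funnel setups named in the description may still be an address the browser cannot reach, so please state why internal is preferred or test those setups. The except branch falls back silently; a debug log there would make the old homeassistant.local failure diagnosable. The imports for get_url and NoURLAvailableError are not in the visible lines, please confirm they are part of the commit.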

Test plan

  • Python syntax check (ast.parse) passes
  • Live compatibility tested against https://oauth.hijuconn.com/oauth/token (see table above)
  • HA helper API verified against current upstream homeassistant/helpers/network.py
  • New OAuth flow on HA Container (no /etc/hosts workaround) — to be verified by maintainer / community on next release

OAUTH2_CALLBACK_URL was hardcoded to http://homeassistant.local:8123
which only resolves on HAOS via mDNS. HA Container, HAOS without
mDNS, and instances behind a reverse proxy / Tailscale Funnel all
break during OAuth setup with DNS_PROBE_POSSIBLE / 404 on the
callback URL. Users currently work around it by manually pinning
homeassistant.local in /etc/hosts on the OAuth-initiating client.

Compute the redirect at runtime via homeassistant.helpers.network.get_url(),
which is the upstream-recommended way to obtain the instance URL.
Fall back to the previous hardcoded value if get_url() raises
NoURLAvailableError (e.g. very early in startup).

Closes Connectlife-LLC#19.
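
Added example, not part of this pull request or the integration's code: because the redirect is now computed at runtime, the block below shows how the value can differ between the authorize request and the code exchange when the URL lookup fails once, and a flow object that pins it at flow start. `NoURLAvailable`, `OAuthFlow` and `make_flaky_resolver` are hypothetical stand-ins; the resolver replaces get_url() so the block runs offline.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/auth/external/callback"
FALLBACK_URL = f"http://homeassistant.local:8123{CALLBACK_PATH}"

class NoURLAvailable(Exception):
    """Stand-in for Home Assistant's NoURLAvailableError (assumption)."""

def compute_redirect_uri(resolve_base):
    """Resolved base URL + callback path, or the fallback, as in the PR."""
    try:
        base = resolve_base()
    except NoURLAvailable:
        return FALLBACK_URL
    parts = urlsplit(base)
    # Added check (not in the PR): accept only absolute http(s) base URLs.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an absolute http(s) base URL: {base!r}")
    return f"{base.rstrip('/')}{CALLBACK_PATH}"

class OAuthFlow:
    """Hypothetical flow object that pins redirect_uri when the flow starts."""

    def __init__(self, resolve_base):
        self._resolve_base = resolve_base
        self.redirect_uri = None  # set once by authorize_params()

    def authorize_params(self, state):
        self.redirect_uri = compute_redirect_uri(self._resolve_base)
        return {"response_type": "code", "state": state,
                "redirect_uri": self.redirect_uri}

    def token_params(self, code):
        if self.redirect_uri is None:
            raise RuntimeError("token exchange before authorize step")
        # RFC 6749 section 4.1.3: identical to the authorize-time value.
        return {"grant_type": "authorization_code", "code": code,
                "redirect_uri": self.redirect_uri}

def make_flaky_resolver(results):
    """Constructed resolver: returns each item in turn, raising exceptions."""
    it = iter(results)
    def resolve():
        item = next(it)
        if isinstance(item, Exception):
            raise item
        return item
    return resolve
```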