However Tesla doesn’t provide a way to grant a token to a 3rd party so you (your application) would still need my tesla account credentials.
How are you solving this?
I guess I am confused. I use ValetforTesla, granted it runs on my Mac, but I do not give anything other than token generated through an API call via a script, npx generate-tesla-token [1] ; after a NPM install through terminal. So yeah, its not official, but its open enough to know what it does
there are sites out there which claim security to generate tokens for you but I am not going to even begin to suggest them.
As long as you are running the software yourself then you are the only responsible party. (assuming they don't just send your credential to their server :) )