Hey.. just wanted to say that I tried your backend and so far it was working after some initial struggling with getting the right authentication data. I later found a swift gateway which let me use Duplicity with swift:// ... this was "easier" than using your backend. So I switched.
Just yesterday that gateway stopped working because it used some old auth code which is not working anymore as it seems so I decided to write my own little gateway based on OAuth2. You can check it out here:
https://github.com/oderwat/hubic2swiftgate.
What I really "miss" is a way to authenticate without "OAuth2" in an more "terminal tool" friendly way. Your code "circumvents" the whole thing by just letting the user "authenticate" a fake "app" and use the token (still you get the os_token yourself later on).
My gateway makes it much more "natural" to use a swift based client but needs an extra apache2 server running the gateway. What are your thoughts about how to implement a "terminal" friendly auth system?