If you actually just download a .py file, you need to run it with python. Like in the example you linked, something like
python3 _filename_
(and if that’s the case, you might need to add a line at the top of the file, telling it where the interpreter is. But probably you actually want the following)
To install, you use the python installer program, pip. Something like
pip _package-name_
Before you do either, you need to install python and pip. I don’t know exactly (look for correct package names), but you need to run something like
sudo apt install python3 pip



This right here. I’d rather my email stay the source of truth for auth, but totally sympathize with website owners that don’t want to store and protect any sensitive user data (like an email address and password).
I do wish some sites would offer the magic link option if they don’t want to keep password hashes. It has problems too, but can be a simple way sometimes.
On some level I know the OAuth flow should be pretty safe. The idea that I have one identity that gets me into multiple sites makes a lot of sense. And I’m already using the same email in most places, so it’s not like I’m anonymous anyway.
And yet… I can’t convince my paranoia that ‘sign in with Google’ isn’t oversharing. I always worry that authorizing with other sites will give too many permissions to see/alter Google/whatever data, or that clicking it will take me to a fake Google/whatever page where I give away my creds.