In my understanding (and I’m still playing catchup with the authenticator paradigm and mutable data), when packaged and registered with the system your app will be triggered with a response from the authenticator which will automagically pass the required response (string here) to your app for you to continue with your SAFE work.
Currently this doesn’t work (for me) in development as the application is in no way registered on the system so the browser/authenticator cannot find it to pass the response.
The setup with the terminal / string setup is temporary, insofar as I understand.