> No browser is required, except to interface with the user.
That seems like it's always required then. I think maybe I'm not understanding what you mean. Can you describe the flow in a bit more detail? I would be very interesting in doing OAuth2 without a web browser.
Oh, I see what you mean. Yes, the flow is probably going to require user consent via a browser. But that doesn’t mean the whole app has to be JavaScript, and I believe there are flows that are more suitable for clients that aren’t. And I’m not sure I see this as a downside, the whole point is that the frame of the site you’re authorizing through is trusted. There’s no easy way to replicate the security implications of what it’s doing without a browser.
That seems like it's always required then. I think maybe I'm not understanding what you mean. Can you describe the flow in a bit more detail? I would be very interesting in doing OAuth2 without a web browser.