Can't you just MITM a login and use the login token? The login flow never materially changes (it's always the same two credentials), that seems like way less of a pain than whatever this OAuth flow is supposed to be.