I was referred this post for more info on the matter
I would take a look at the whole topic. Your best compromise might be having the user login through the browser, which sounds like the Oauth Spec recommendation anyway.
I’ll let you know If anyone else has more info,
Dan