OAuth2 - Authorize with no user interaction

Question

So I\'m trying to access my own data from an external app via their API. I only need access to my own data. Not trying to receive data from any of my users\' accounts,

Answer 1

The oauth2 grant you are describing is called Authorization Code Grant. This way of authentication has been designed so that applications which want to access resources of a user do not have access to the users credentials.

So if you found a way to interact with the user credentials in this grant it would be considered a hack.

If you do not want the individual user to enter the username and password but you want to access the api with a kind of "system account" this is not the oauth grant you should use.

There are multiple grants that would work for you. The question is which are supported by the authorization server and available to you.

Resource Owner Password Credentials Grant

This grant type is suitable for clients capable of obtaining the resource owner's credentials.

However

The resource owner password credentials grant type is suitable in cases where the resource owner has a trust relationship with the client, such as the device operating system or a highly privileged application.

It is very likely that this grant type is not avaiable as it could be misused to steal user credentials.

Client credential grant

The client can request an access token using only its client credentials.

How the resources are tied to a client is not part of the oauth specification and therefore provider specific.

---

If you want to read more about oauth2 here is a good article.