Thanks for the reply. I think for me, the current capabilities will suffice... that is, the client of my application does have to interact to give my app permission to access their account information (via the API). After that setup, I can, via the refreshToken, use the API to interact with CC with no interaction from my client.
I believe the OAuth2 implementation you currently have suffers from a potential security flaw. Luckily, allowing the redirect_uri to have a state parameter that is returned with the access code solves the problem and is an easy fix. See this article for a better explanation - https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611
Help me understand why their OAuth 2 "Server Flow" doesn't meet your requirements. I'm starting on implementing it now and don't want to get halfway there to discover I've missed something. Granted, I just need the contact list manipulation APIs.