I read the In-client OAuth documentation but it’s unclear to me when the authorize API should be called. Could someone please explain?
This would be the similar to calling the /authorize route when using a standard OAuth App flow.
Let me know if that helps.
Usually when asking the user for permission I wait until the app has a clear reason which the user can understand. What if we never need OAuth access for the app to function? Can we skip calling the authorize API?
@bridger Yes, but you would still want to support a browser-based OAuth flow with your app (i.e. a redirect URL) so that users can install your app using their browser.