Could you elaborate a bit more? From what I can tell the Authorization flows always make a callback which means that you always need to be listening on the callback URL to be able to complete the Authentication and get access to the token? From my understanding (and happy to be corrected) that means you always need to have some kind of limited web server running.