I am really buffled by the choice of OAuth2 for API access. How are we supposed to ingegrate it into an SSR application that can be deployed and redeployed, started and restarted hundreds of times in the course of its lifetime. Are we supposed to perform the manual steps every time to get the API going? What if there is no server-side storage - how do you deal with keeping track of all the grant and access tokens? 

Can you put together a full example that would clarify all these issues. Assume there is no postman. The app will be started by the CI script and there are no humans to attend. The app should run in multiple dev, staging and production environments.