Great, I should be able to get something working then. It'll likely be a Python script.

The basic reason you need a server is that the API wants to control which applications can access its services as well as which users. The way OAuth does this is by giving the application developer a secret, which must be kept from the user. If the secret could be embedded in the application we wouldn't have this problem but also, a user could extract the secret and use it in their own, unauthorized application, which the API developer is trying to prevent.

It might help to know that the OAuth mechanism offered by Spotware is usually intended for web applications. If you have a website that connects to the Facebook API for example, you'd use a similar authentication mechanism (in fact Facebook and Google use OAuth as well). In this case, all the code that interacts with the API is already running on a server under the control of the developer so this isn't really a problem. You can see that the existing Connect API clients (https://www.spotware.com/partners/open-api-partners) are all web based as well.

Spotware and the brokers don't need OAuth servers because they can use internal APIs. OAuth is only for external developers and it's handled entirely by Spotware, which proxies things through to the brokers.