My organization has developed an application that connects to the Canvas API to update settings of some courses.  It's a non-web, mostly "headless" application.

In development, we've been passing our own personal access tokens to the app to use for Canvas API authorization.  However, we've seen that Canvas recommends scoped OAuth tokens should be used.  We can appreciate that for the scoped aspect, which limits the token's API access.  Before we deploy our app to production, we'd like to implement that, but we're uncertain how to do that with a non-web app.  Usually OAuth requires the server (Canvas) to make a web request back to the client (our app) during the authentication process.  That's not possible in this case.  We will not set up a web interface for this one app that will be used infrequently.

Can a non-web app use Canvas scoped OAuth tokens to access the API?  Can anyone provide example code?