Once I have the access token, I add the Authorization header using ModHeader and it sends it on all requests to this API, so I can still use my HTML output handler and be logged in. It’s useful for sending custom headers of all kinds for different tools, so I thought I’d mention it!
I’m working on an API which uses OAuth2, but it also has an HTML output handler so I actually do quite a lot of my development in the browser for read-only stuff (I wrote an earlier article about output handlers including the HTML output handler). I fell across an extension for Chrome called ModHeader (WTF kind of URL is that, google?) which does this trick for me!