I've read through the discussion between Yanick and Olaf from last year, presumably related to iCPAN. I am now working on the same basic issue for CPAN Sidekick on Android. From that conversation, it sounded as if Olaf was going to ask the user for the username and password and perform authentication that way. However, it also seems that the conversation wasn't finished here because it seems to stop in the middle.
Android provides access to OAuth2 tokens through the account manager. That way, the user installs the Twitter app and sets her account up there. When she wants to sign in to the MetaCPAN API for voting and what-not, Sidekick asks for the auth token from Twitter. That causes Android to ask the user to grant permission for Sidekick to get a token. Once permission is granted, Android uses the account service provided by the Twitter app to fetch a token and gives it to Sidekick. I can use a nearly identical process to fetch tokens from Facebook, Github, or just about any other account service that works with OAuth.
I've finished the code to get the auth tokens from Twitter/Facebook/Github. Now, I need to ask
api.metacpan.org to give me access on behalf of the user with that token. Can anyone give me some help on what I need to do next?
Cheers.