To clarify, I've been looking at the various clients in the examples and know that I can simply add an authorization header with a bearer token to the REST requests. However, as far as I understand the examples and the code, all the login flows are based on login forms and redirects. While this is convenient for web applications, I'm missing a simple way for a "headless" client to obtain a token in return for application credentials or an API key. Are you planning to support this kind of use case?