A Word of Caution:
It might be useful to understand what OAuth is. OAuth is a way for two (or more) parties to confirm the fact that they are who they say they are. This is done by a set of secret handshakes that only both sides know.
In short, the very first thing that happens is that both sides exchange some secret value. This exchange happens outside of OAuth and the secret is NEVER displayed to anyone other than the two parties.
The example code in index.html doesn't even try to hide the secret, and frankly, it's considerably difficult to do that even in the best of situations because users can stop and examine code with most recent browsers.
So, while your secret may be disclosed, in a properly functioning system, the user's data is only disclosed after the user concents to it.
Webcalls without a Web
Fortunately, that doesn't mean that you have to fire up your browser of choice in order to make these calls. You do need to have something that talks HTTP, however. Again, there are lots of choices, for instance libcURL is available for darn near everything out there. There are also plenty of systems that provide native calls.
For the most part, these calls will either want the arguments in-line
with the call (use
OAuthSimple().sign(...).signed_url;), as a
request header (
OAuthSimple().sign(...).header), or as the POST
request body (you may want to use _normalizedParameters() for that,
but understand that it's not a public function and is subject to
change.) Again, see the documentation for the service you wish to
connect to for how best to provide this info.
How to use it.
Honestly? Read the source. I commented the heck out of it and there's example code inside there. Plus, unlike this, it is more likely to be documented and included with the distribution.