Investigate WebDAV authentication with OAuth2 token #7

Open
michzimny opened this issue Jan 18, 2021 · 3 comments · May be fixed by #8
@michzimny
Member

Currently, the fuse image assumes that WebDAV authentication is done with username and password. We want to investigate authenticating with OAuth2 token instead.

Moreover, as the token may expire, it should be passed to the container via a file, not an env var, so the container could reread it periodically.

Is it what we mean, @diocas?

@michzimny michzimny self-assigned this Jan 18, 2021
@michzimny
Member Author

michzimny commented Feb 2, 2021

Our current fuse/webdav lib is davfs2. There's a thread in the davfs2 bugzilla, in which the lib author said he would not implement OAuth tokens. However, he gave suggestions for a workaround:

With option "add_header" you can add any header you want, e.g. your non-standard authorization header. Details are in "man davfs2.conf".

Additional advice:

  • Remove all file permissions for group and others from file davfs2.conf, so nobody but you can read your token.
  • Your header-value probably contains spaces. You must enclose the value in double quotes.
  • Additionally set option "ask_auth 0" to prevent useless input requests.

We could probably try it (although the asking person from that thread seems to be failing with this workaround). However, an open issue remains that there is probably no way to replace the token value on the fly. Remounting is rather not an option.

Other options are trying some alternative libraries, e.g. webdavfs.

CC @diocas
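
The workaround quoted in the comment above, as an added example that is not part of the thread, of #8 or of davfs2 itself: a shell function that reads the token from a file and renders a davfs2.conf using `add_header` and `ask_auth 0` with owner-only permissions. The function name, the file paths and the `Authorization: Bearer` header form are assumptions; the token is validated so a quote or newline in it cannot inject extra configuration lines.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread or the davfs2 project).
# Assumption: the WebDAV server accepts "Authorization: Bearer <token>".
#
# write_davfs2_conf TOKEN_FILE CONF_FILE
#   Returns 0 on success, 1 if the token is missing or malformed.
write_davfs2_conf() {
    token_file=$1
    conf_file=$2

    [ -r "$token_file" ] || { echo "cannot read $token_file" >&2; return 1; }

    # Take the first line only; tolerate a file without a trailing newline.
    token=
    IFS= read -r token < "$token_file" || [ -n "$token" ] || {
        echo "empty token file" >&2; return 1; }

    # Allow only the bearer-token alphabet. This rejects spaces, quotes and
    # control characters, so the value cannot break out of the quoted
    # header-value in davfs2.conf.
    case $token in
        ''|*[!A-Za-z0-9._~+/=-]*)
            echo "token contains characters unsafe for davfs2.conf" >&2
            return 1 ;;
    esac

    # Create the file with no group/other access from the start, then move
    # it into place so a reader never sees a half-written configuration.
    old_umask=$(umask)
    umask 077
    tmp="$conf_file.tmp.$$"
    {
        printf 'ask_auth 0\n'
        printf 'add_header Authorization "Bearer %s"\n' "$token"
    } > "$tmp" || { umask "$old_umask"; rm -f "$tmp"; return 1; }
    umask "$old_umask"

    chmod 600 "$tmp" && mv -f "$tmp" "$conf_file"
}

# Example call (constructed paths):
#   write_davfs2_conf /run/secrets/webdav-token "$HOME/.davfs2/davfs2.conf"
# As discussed in this issue, an existing mount does not pick up a new
# token; the rewritten file only matters for the next mount.
```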

@diocas

diocas commented Feb 9, 2021

Yes, the real issue is the fact that we cannot update the token. We could try the workaround (but then how does it work if he does base64(user:pass)?). If it works we ask the guy to allow reading the password from a file, which doesn't seem too big of a task. Could we implement it ourselves and do a PR?

We can also try alternatives, but didn't you discard others because of their performance?
That webdavfs, doesn't it also prevent the use of a file?

michzimny added a commit that referenced this issue Mar 16, 2021
@michzimny michzimny linked a pull request Mar 16, 2021 that will close this issue
@michzimny
Member Author

The workaround works fine. I tested it with Nextcloud and documented in #8.

The missing part is extending the davfs2 library. I forked it into https://github.com/sciencemesh/davfs2 and start specifying requirements for that extension here.
