Hi Wain,
Happy to hopefully provide some insights into how you could implement this functionality. As a simple disclaimer, you should do your own research and investigation into best practices and merely use the below as theoretical possibilities.
It appears that warcraftmounts.com already implements an authentication system, and as such it could be more approachable to implement the addition of a “Connect with Battle.net” button to the user account page, rather than adding Battle.net as a way to signup for warcraftmounts.com. We often see this pattern utilized by community sites that wish to maintain their own user registries.
Essentially the flow would be that you require the user to signup on warcraftmounts.com using your existing registration flow, and then on the user account settings page provide them with a button “Connect with Battle.net” that will push the user into the Authorization Code Flow, which when completed will result in the retrieval of an OAuth Access Token. You can then either store this token in your database or store in the user’s session (however you have this implemented).
Once you have the token saved you can then use this token to access the Account Collections Summary API document(s) in response to user interaction, or as part of cron jobs, etc.
It is important to keep in mind that technically the token you stored could become invalid at any time, for a number of reasons. For this reason, it is important to provide sufficient error handling logic any time you attempt to utilize the token. A potential strategy for handling invalid tokens could be to require the user to “reconnect” to Battle.net anytime you fail to call the Account API with their token, which could be implemented as showing the user a message indicating that their Battle.net account needs to be reconnected, etc.
If you determine that you do not have a pressing need to keep the user’s Access Token stored other than when you are actively reading the players Account Collections Summary API document(s), then an alternative strategy to the above could be to add a “Sync Mounts with Battle.net” button, which when clicked would perform the Authorization Code Flow, retrieve the list of mounts for the user, and then store them in your database. This alternative flow would require users to re-visit your site anytime they wish to sync their mounts, which may or may not be an issue for your preferred user-flows.
Hopefully, this is helpful, and please do not hesitate to pose any further questions.
The changes to implement the new API all made sense to me as they fit in context of what I was previously doing, but this stuff less so.