@drq
1. It depends on what type of app you're building.
2. Are you sure that you've got an access token and not the token which is used to get access token?
3. Invalid grant could mean that you didn't set permissions you wanted to have when requesting the token.
OAuth can be non-obvious sometimes.
Also this library is not an exame of an excellent documentation.
@skobkin
1. A group bot
2. No, I'm not. There are however two methods:
Authenticate (which takes context, login and password)
AuthenticateToken (which takes context, supposedly an access token and some redirect uri)
3. Permissions are set, I checked.