It appears via the OneDrive API documentation that a user must always "authenticate" using a web-browser to access the OneDrive API. This is not helpful for system accounts. Am I interpreting this correctly? Or is there a way to achieve step one without a browser:

Step 1. Get an authorization code

To start the sign-in process with the code flow, use a web browser or web-browser control to load this URL request.

GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={client_id}&scope={scope}
  &response_type=code&redirect_uri={redirect_uri}

https://dev.onedrive.com/auth/graph_oauth.htm#code-flow

What you're looking for is an App-Only integration. See Get access without a user for details on how this process works.

Keep in mind that there are scope differences between app-only and delegated scenarios. Also, app-only scenarios will require Admin Consent before they can operate against a given tenant (see v2 Endpoint and Admin Consent).