Clarifying the Desktop Application OAuth2 Flow
To clarify further:
When your desktop application (or script) calls Chilkat.OAuth2.StartAuth, two things happen:
- It returns a URL that you need to open in a web browser to obtain authorization interactively from the account owner of the service you are integrating with.
- It initiates a background thread that acts as a web server to handle the redirect request sent from the local web browser.
In the web portal where you define your app, you should specify a callback URI in the format
“http://localhost:<portNumber>/”. This callback URI is where the redirect request will be sent and received by Chilkat’s background thread, which is waiting for the HTTP request on the specified port number.
It’s important to note that the callback request originates from your local web browser and is directed to your app running on the same machine. Since your application is not an actual web server, it cannot use TLS (Transport Layer Security) because it lacks a server certificate that the web browser would trust. Additionally, since the callback is not going through the internet, TLS is not necessary.