Am evaluating your OAuth2 feature for use in a Xojo Cloud project that will integrate with Salesforce.
First of all, your example code does not compile, but I fixed that.
My questions are about the callback and the redirect. Why is the callback is set to "localhost:3017"? I understand that 3017 is the port... my real question is about the localhost part.
Also, I noticed that at the end of the OAuth2 process the browser redirects to a page on the Chilkat site. How do I control/change this?
If you can, please let me know what changes you made to fix the compile errors. :)
The callback URL should match what you specified for the callback URL when you defined the connected app in the Salesforce UI. See: https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_defining_remote_access_applications.htm
You would always use a localhost URL, with some port number that is unlikely to conflict with anything else. Chilkat is creating a background thread that listens on that port, and receives the callback from the browser. To say it another way: Your Xojo app will popup a browser to ask the Salesforce account owner for permission. When the user clicks the button to grant permission, the browser sends an HTTP request to salesforce.com, which sends a redirect response using the callback URL (which in this case is "localhost:3017"). This causes the browser to redirect the request to the Chilkat background thread, which consumes the HTTP request (thus acting like an HTTP server for that one request), and then sends the response to the browser.
The redirect to the chilkatsoft.com site is just caused by the default content in the OAuth2.RedirectAllowHtml property. It contains HTML w/ a META refresh to a web page on chilkatsoft.com. You can change the RedirectAllowHtml property to whatever you want -- either static HTML to be displayed, or potentially a META redirect to your own site.