Why is a redirect used on oath?

See the example here. Why is a redirect used simply to connect to a service? Why bother with mocking a service and all that stuff? Is there some valid reason for all of this or is this just because someone made an assumption about how authentications would be used (i.e. author and user are different)? Is there a good way of avoiding this within the REPL?

https://github.com/SaxoBank/openapi-samples-python/blob/master/authentication/oauth/code-flow/bare-bones-code-flow-app.py

Answer

I don’t fully understand your issue, but regarding the SAXO API and the oauth token, you always to need to define the RedirectUrls for generating the token. That’s why the 5 keys listed in the provided are indeed mandatory :

params = {
    "grant_type": "refresh_token",
    "refresh_token": token_data["refresh_token"],
    "redirect_uri": app_config["RedirectUrls"][0],
    "client_id": app_config["AppKey"],
    "client_secret": app_config["AppSecret"] 
}

FYI, you can find the full doc of the Redirect URI here below :

https://www.oauth.com/oauth2-servers/redirect-uris/