Is it possible to use OAuth 2.0 without a redirect server?

心在旅途 2020-12-05 04:24

I'm trying to create a local Java-based client that interacts with the SurveyMonkey API.

SurveyMonkey requires a long-lived access token using OAuth 2.0, which I'm

3 answers
  •  再見小時候
    2020-12-05 05:09

    Yes, it is possible to use OAuth2 without a callback URL. The RFC6749 introduces several flows. The Implicit and Authorization Code grant types require a redirect URI. However, the Resource Owner Password Credentials grant type does not.

    Since RFC6749, other specifications have been issued that do not require any redirect URI:

    • RFC7522: Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
    • RFC7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants

    There is another IETF draft that tries to introduce another grant type for limited devices (https://tools.ietf.org/html/draft-ietf-oauth-device-flow) which does not require any redirect URI.

    In any case, if the grant types above do not fit your needs, nothing prevents you from creating a custom grant type.
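
The RFC 7523 JWT bearer grant listed in the answer above, as an added example that is not part of the original answer or of any provider's code: the client builds a signed assertion and a token request body that carries no redirect_uri, and the authorization server validates it. The HS256 shared key and every name and value passed in are assumptions for illustration; whether a given provider accepts this grant has to be checked in its documentation.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode

JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"  # RFC 7523, section 2.1

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_assertion(iss, sub, aud, key: bytes, now: int, ttl: int = 300) -> str:
    """Client side: a short-lived JWT carrying iss, sub, aud and exp."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": iss, "sub": sub, "aud": aud, "iat": now, "exp": now + ttl}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def token_request_body(assertion: str, scope: str = "") -> str:
    """Form body POSTed to the token endpoint; note there is no redirect_uri."""
    params = {"grant_type": JWT_BEARER, "assertion": assertion}
    if scope:
        params["scope"] = scope
    return urlencode(params)

def verify_assertion(token: str, key: bytes, expected_aud: str, now: int) -> dict:
    """Authorization-server side: pin alg, check the MAC, then aud and exp."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
    except ValueError as exc:
        raise ValueError("malformed assertion") from exc
    if header.get("alg") != "HS256":  # never let the token choose its own alg
        raise ValueError("unexpected alg")
    good = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(good).encode(), sig.encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("aud") != expected_aud:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims
```

Because no browser redirect binds the request to a user session, the assertion's signature, audience and short expiry are the only things the server can rely on, which is why the validation side rejects on each of them.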
