Two things:
-
The OAuth Service Provider in question is violating the OAuth spec if it’s giving you an error if you don’t specify a callback URL. callback_url is spec’d to be an OPTIONAL parameter.
-
But, pedantry aside, you probably want to get a callback when the user’s done just so you know you can redeem the Request Token for an Access Token. Yahoo’s FireEagle developer docs have lots of great information on how to do this.
Even in the second case, the callback URL doesn’t actually have to be visible from the Internet at all. The OAuth Service Provider will redirect the browser that the user uses to provide his username/password to the callback URL.
The two common ways to do this are:
- Create a dumb web service from within your application that listens on some port (say, http://localhost:1234/) for the completion callback, or
- Register a protocol handler (you’ll have to check with the documentation for your OS specifically on how to do such a thing, but it enables things like <a href=”https://stackoverflow.com/questions/670398/skype:555-1212″> to work).
(An example of the flow that I believe you’re describing lives here.)