For installed applications Google, and at least some others, provide two special redirect_uris: * urn:ietf:wg:oauth:2.0:oob * http://localhost The first (urn:ietf:wg:oauth:2.0:oob) redirects to a special page on the auth server which displays the code in the browser title and in a textarea. See https://developers.google.com/accounts/images/installedresult.png for an example. This can be used in the case where an installed application is not able to start a "temporary" browser to list for requests on localhost. Or in the case where you need the user to manually copy/paste the code to the app. The second allows using localhost with any port. This is the recommended approach as the application can start a "temporary" browser on any free port to listen for a request to retrieve the code. I'm working adding these to Keycloak. This is needed at the moment to support Cordova applications, but will also be useful for anyone that wants to do other types of installed applications (for example a CLI).