How can I use Salesforce OAuth 2.0 implicit flow authentication in a WinForms application?

Question

I wrote a web application which connects to the Salesforce API using the OAuth 2.0 web server flow, and that all works fine.

But now there is a requirement to access the

Answer 1

redirect uri doesn't have to be public. It can be localhost:somePort and your application would have to be listening to traffic on that port.

For example if you want to develop SF code using SFDX CLI + Visual Studio Code - there's a nice way to authorise access to SF org where you type your credentials on the website but when all is good - the OAuth piece gets sent to localhost:1717. As long as nothing else is listening on this port you're fine. Similar with Salesforce Data Loader - you can type username and pass to it but it also has this web-based flow. And sometimes it's the only option really, if your SF admin enabled Single Sign-On that authenticates against Active Directory/Google/Facebook/... - you might not be able to use SF username and password.

My C# days are long gone but listening on a port on local machine shouldn't be the end of the world? You shouldn't need a full-blown web server bundled with your app...

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow has some good theory

https://docs.microsoft.com/en-us/dotnet/api/system.net.sockets.tcplistener?redirectedfrom=MSDN&view=netcore-3.1 example code?