I need to write a tutorial explaining this.
The redirect URL is where the login page goes to when the login is successful or the user has abandoned (failed to many times or clicked cancel). The redirect URL will have the authtoken appended to it as a URL Param if the login succeeded.
In an app that can show a webview and get events about that webview (so most) the idea is to capture the redirect event to your specific url, read out the auth token from the url param and just close the view.
Does that make sense?