Dropbox OAuth2 authorize API is not redirecting as expected

Question

I'm attempting to connect to the Dropbox API using OAuth2. I'm using DropNet as the client library and using the Token (implicit grant) flow option. The test code (roughly the same as DropNet.Samples.WinForms) is a simple dialog with an embedded browser control to display the API login page.

The problem I'm seeing is that the API does not redirect the browser to the specified redirect URL (http://localhost). After I provide my credentials and click Allow to grant access, instead of being redirected to localhost I'm redirected to https://www.dropbox.com/1/oauth2/authorize_submit, which fails to load (error 404). There are also no query parameters on the redirected URL. I'm expecting to be redirected to localhost with query parameters containing an authorization code.

For reference the login URL is: https://www.dropbox.com/1/oauth2/authorize?response_type=token&client_id=<blah>&redirect_uri=http://localhost.

Does anyone know what I'm doing wrong? The behavior looks very similar to what's described in: Obtain OAuth2 Access Token for Dropbox Core API with Codenameone's Oauth2 Class, but there's no direct answer there.

Answer 1

[edited] I still don't know why it isn't working to use http://localhost as the redirect URL, but I switched to using https://www.dropbox.com/1/oauth2/redirect_receiver as recommended by @Greg, and it works correctly now.

In case it affects other people trying to use the DropNet WinForms sample code, I also had to adjust the code to handle the Navigating and Navigated events in the embedded browser, in addition to DocumentCompleted, because the browser behavior seems to vary by OS and browser version (not a big surprise). The code also needs to be smart enough to stop navigating once it detects the redirect because the browser may continue navigation from that point.

Originally I had fixed it by redirecting to Google, but as @smarks pointed out, this is not a good idea.