桌面MFC应用程序的授权码授予类型

我正在开发一个使用TradeStation WebAPI的桌面MFC应用程序( http://tradestation.github. io/webapi-docs/). WebAPI提供授权代码授予类型"( http://tradestation.github.io/webapi-docs/en/getting-started/security-overview/)，如下所示:1)客户端应用程序会将最终用户路由到我们的MFA(多因素身份验证)登录页面网页. 2)认证成功；用户代理(浏览器)将被重定向到提供的URL，并在查询字符串中包含授权码. 3)其他一些东西...

I'm developing a desktop MFC application which uses TradeStation WebAPI (http://tradestation.github.io/webapi-docs/). The WebAPI provides "Authorization Code Grant Type" (http://tradestation.github.io/webapi-docs/en/getting-started/security-overview/) which is the following: 1) The client application will route the end-user to our MFA (multi-factor authentication) login page web page. 2) Upon successful authentication; The user agent(browser) will be redirected to the URL provided and include an Authorization Code in the query string. 3) Some other stuff...

问题是我不知道如何从第2步中获取代码.我看了一些示例，发现只有两种方法.

The problem is I don't know how to obtain the code from the step 2. I've looked some examples and found only two approaches.

1. MFC应用程序实现嵌入式浏览器(而不是使用 WebBrowser ActiveX控件派生的默认系统浏览器) 并实现BeforeNavigate事件处理程序以获取代码 重定向.缺点-嵌入式浏览器的实现过于繁琐，无法获得唯一的代码，此外，不信任嵌入式浏览器的用户可能会拒绝它.
2. 应用程序使用默认的系统浏览器，该浏览器重定向到网站.该网站接受该代码，然后将其传递给应用程序.缺点-需要一个网站.

1. MFC application implements an embedded browser (rather than using the default system browser) derived from WebBrowser ActiveX control and implements BeforeNavigate event handler to get the code on redirection. Drawback - the embedded browser implementation is too heavy to obtain the only code, moreover it may be rejected by users who don't trust embedded browsers.
2. The application uses the default system browser which is redirected to a web site. The web site accepts the code and then passes it to the application. Drawback - a web site required.

两者都有缺点，我想知道是否还有其他方法可以在我的应用程序中实现授权码授予类型".

Both have drawbacks, and I'm wondering if there is other approaches to implement "Authorization Code grant type" in my application.