As per the link http://apigee.com/docs/developer-services/content/configuring-api-products,under the section "Configuring callback URL handling",its been said,"When the app requires user credentials, it doesn't ask for a username and password. Instead, it forwards the end user to the callback URL site, where she logs in, which allows the app to get an OAuth access token to use in place of her username and password.".

My understanding so far is,"The login app typically POSTs a redirect response back to Apigee Edge. Edge then directs the user's browser to the registered callback URL." as per http://apigee.com/docs/api-services/content/oauth-v2-policy-authorization-code-grant-type.

But the developer-services link seems to be contradicting this.It looks like login app url itself is specified in the callback url.

Need some clarification on this please.