The OAuth 2.0 Authorization Code workflow currently runs a local HTTP server to handle redirects. Some APIs, such as the Destiny API, do not allow HTTP redirect URLs to be configured.

A configuration option could be added to serve the redirect handler with HTTPS with a provided certificate, or restish could generate its own certificate.