Does the redirect_uri param for the access token have to be the same as the one used for the request token

I apologize in advance for some confusion over the terminology. I get a bit confused with the whole OAUTH process.

I've noticed that I need to pass a redirect_uri to the facebook grant access token method even though I can't see h开发者_如何转开发ow it's being used. My server is making the request and getting the response so there is no redirect going on. Plus it seems that the redirect uri in the granting access token call must be the same one used in the request access token call (I understand that it's needed in the request access token call but not in the grant access token call).

Not sure this is needed but here is the code I'm using in order to get facebook to grant the access token.

    var url = String.Format(
      "https://graph.facebook.com/oauth/access_token?client_id={0}&client_secret={1}&code={2}&redirect_uri={3}", 
      this.AppId, 
      this.AppSecretKey, 
      code, 
      System.Web.HttpContext.Current.Server.UrlEncode(this.CallbackUrl)
     );

Yes, to help Facebook verify the request to exchange the auth code for an access token, the redirect_url must be the same for both requests.

You're right in that to get the access token, no actual redirect is performed, the access token is returned in the body of the HTTP response.