Hey Scott
The urn:ietf:wg:oauth:2.0 value looks like a standard, but it isn't. It's a google invention that's been picked up by others. From what I can tell it's put in place of a return_url and used in two ways:
1. After login, our authorization point displays a page with the authorization code as the window title. Another app (like a phone app or desktop app) reads the code from the window title, closes the window, then does the backend exchange.
2. After login, our authorization point displays a page with the authorization code in a box with instructions to cut and paste it into another app. Which then exchanges it as normal.
It is a useful thing. We've been asked for the functionality of (2) by others, but I had no idea this 'standard' existing, so my advice so far has been for them to basically implement (2) on their own server.
Regarding the problem as reported (localhost return urls not working) I don't see this as a solution to that. Unlike google, we support localhost return urls, so I'm not sure what the problem is. Could you give more details?
Best,
Tom Demeranville
Technology Advocate
ORCID Inc