OK, so the callback page is getting called and the code looks right (well, I have no idea what it should look like, but I'll take your word ).

Is that code turning up in the DataFlex side of the oOAuth2?

You might follow the procedure I set out above a bit further in the JavaScript and see if it steps through into the final part of the login function:
                        else {
                            obj.set("wpsAuthCode", code, false);
                            obj.set("wpiExpiresIn", expires, false);
                            obj.set("wpbLoggedIn", true, false);
                            obj.set("wpsErrorCode", "", false);
                            obj.set("wpsErrorDesc", "", false);
And actually executes the obj.serverAction("LoginDone"); bit, or debugging in the DataFlex to see if it gets into the LoginDone procedure in the cOAuth2 class.

If it gets that far, then the problem will most likely be with the exchange of the authorization code for the actual access token that you use to make your calls to the service.