I am creating an iPhone application and am using a callback URL when using OAuth. I tried the client app and when it directs users to the login Web page it says that it isn't trusted. I then created a Web app and it does the same thing. The domain verification was successful for the Web app. I would think it needs to be a client app.