From what I have been able to gather from reading and a little testing, the v3 API requires contacts to log into a Constant Contact account to grant permission to the application before they can sign up - is that correct?

In all the examples I have seen, there is an api_key, a token, and a redirect URI, but even though I created a secret key, it is not used - again from the examples I have seen. The authorization URI looks like this: "https://api.cc.email/v3/idfed?client_id={your_client_id}&redirect_uri=https%3A%2F%2Flocalhost%3A8888... but this takes the user (new contact) to the Constant Contact sign in page. 

This makes no sense to me, why would a new contact need to have a Constant Contact account -  and what is that secret key for if it is not used in the authentication? Or, am I missing something?

Any advice would be greatly appreciated,

Steve