My apologies, but I finally have alerts set up for this forum. I should be able to follow it more closely now.
You can only use RESTClient (and similar tools) without OAuth. Once you add OAuth, you need a more complex testing tool (like a sample client) to use a protected web service. This is why the sample code for the chapter includes a standalone sample client intended to be used to test the web service.
As for using the web service from iOS, you'll need to make a few minor tweaks. First, for your iOS app, you'll need to register with iOS a unique URI scheme that indicates to the OS that your app should be opened when that URI is triggered. For example, the URI scheme for the Twitter app is "twitter://." I am not an iOS developer, so I couldn't tell you how to register this URI scheme.
Once you've done this, you'll need to add the iOS app client redirect URI to the WebServiceClient_RedirectUri database table. The default URI, as you pointed out, is http://localhost:8080/client/support
(to which the authorization server will append the necessary parameters). Assuming the URI scheme you register with iOS is "myApp://" (that's a sample only), you could set the URI in the WebServiceClient_RedirectUri table to "myApp://oauth" or something similar.
Finally, whatever URI you put in the WebServiceClient_RedirectUri, you need to make sure your client includes the exact same URI in its initial forward to the authorization server.
This should get you going. Good luck working with this!