Application OAuth callback URL can't be whitelisted

oauth

#1

In preparation for the callback URL whitelisting, I went to our app settings page and tried to add this callback URL:

twitterrific://authenticate

The page reports:

“The client application failed validation: Not a valid callback URL format.”

This is a valid URL and the scheme is registered on both iOS and macOS. I’m guessing that there is an assumption that callbacks will always be http: or https:.

A registered URL scheme is the only way to get the verified OAuth tokens back to an app, so this validation check needs to be updated.

-ch


#2

Double-checked here, and it turns out that for a mobile app with an app-specific callback like this, you would just use the protocol i.e. twitterrific://


#3

Hw to whitelist our callb ack URL?


#4

This really needs to be put into the docs (and/or into the error message itself). This is not self-evident in any way, given that the web callback whitelist requires a full scheme + hostname + path.


#5

Noted. Thank you for the suggestion @jamesreggio. We will make sure to adjust the docs accordingly.


#6