In preparation for the callback URL whitelisting, I went to our app settings page and tried to add this callback URL:
twitterrific://authenticate
The page reports:
“The client application failed validation: Not a valid callback URL format.”
This is a valid URL and the scheme is registered on both iOS and macOS. I’m guessing that there is an assumption that callbacks will always be http: or https:.
A registered URL scheme is the only way to get the verified OAuth tokens back to an app, so this validation check needs to be updated.
-ch
