I somehow missed the OAuth callback URL lockdown announcement. Saw it in a retweet. Had a moment of panic due to the short timeframe: June 8th.
So, attempted to register Followerwonk’s callback URLs. I need to register 18. It only accepts 10.
Why so many? Two domains—site migration coming up soon and we’ll run in parallel for a bit: moz.com/followerwonk and followerwonk.com. Three environments: dev, staging, production. Three callbacks: sign-up with Twitter, login with Twitter, connect a Twitter account. 2 x 3 x 3 = 18.
I haven’t checked the docs or experimented with it, yet, but I wonder if it accepts extra parameters and passes them back.
Accepting a prefix that includes a fully qualified domain would help. Wildcarding subdomains would also help.
If nothing else, I’ll have to cache the internal callback action with the request token and redirect accordingly. But that some implementation work I hadn’t planned and I’m already on a really tight schedule for the site move.
I could use a little help here, Twitter.