If you login with an AuthenticationProvider that needs to redirect you to another page (e.g. how GoogleLogin does), you aren't redirected to the page which is specified in the returnto url parameter. The return URL for the external authentication page is something like:
http://localhost/w/index.php?title=Special:UserLogin/return&wpLoginToken=1651a11de52abe82532b24c87debd7d25740e8cd%2B%5C&returnto=Special%3ARemoveCredentials&code=4%2F4wm1tRjTf13CARICv7EjusPxCHCDLSHsRjqEBFD4LBk#
where you see the returnto query. However, after processing the request through [[ https://github.com/wikimedia/mediawiki/blob/master/includes/specialpage/AuthManagerSpecialPage.php#L92-L134 | AuthManagerSpecialPage::handleReturnBeforeExecute ]] you'll get this as a redirect:
string(39) "http://localhost/wiki/Special:UserLogin"
The AuthManagerSpecialPage class strips any unnecessary query parameters with the [[ https://github.com/wikimedia/mediawiki/blob/master/includes/specialpage/AuthManagerSpecialPage.php#L490-L506 | AuthManagerSpecialPage::getPreservedParams() ]], but unfortunately, this function doesn't preserve the returnto and returntoquery parameters, which should be preserved to correctly handle the redirect after a successful login.
This is somehow bad, especially, if an user needs to re-authenticate for a sensitive-data-action (such as calling Special:RemoveCredentials), as they get redirected to the main page after successfully authentication with a Provider that needs a redirect.