Current behavior
If a user provides an invalid callback URL, Special:AppManagement returns a generic "Request failed" error.
Expected behavior
If a user provides an invalid callback URL, Special:AppManagement should display the error message from the OAuth extension to the user, so they can fix their callback URL. In addition to providing a helpful error message, provide guidance in Special:AppManagement to help users submit a valid URL (T266355).
Callback URL requirements for OAuth 2
- OAuth 2 callback URLs must use the HTTPS scheme
- The callback URL must point to a server you own
- OAuth 2 apps must use an exact callback URL. A bare domain is probably not what you want.
References
- https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/OAuth/+/refs/heads/master/i18n/en.json#267
- https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/OAuth/+/refs/heads/master/src/Control/ConsumerSubmitControl.php
- https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/OAuth/+/refs/heads/master/tests/phpunit/Control/ConsumerSubmitControlTest.php