diff --git a/oauth_common.pages.inc b/oauth_common.pages.inc
index 358b1df..eae7e2e 100644
--- a/oauth_common.pages.inc
+++ b/oauth_common.pages.inc
@@ -140,6 +140,13 @@ function oauth_common_form_authorize() {
       '#value' => $token,
     );
 
+    if (!empty($callback) && valid_url($callback, TRUE)) {
+      $form['callback'] = array(
+        '#type' => 'value',
+        '#value' => $callback
+      );
+    }
+
     $message = !empty($context->authorization_options['message']) ? $context->authorization_options['message'] :
       'The application @appname wants to access @sitename on your behalf, check the permissions that you would like the application to have.';
     $form['message'] = array(
@@ -283,9 +290,11 @@ function oauth_common_form_authorize_submit(&$form, &$form_state) {
 
   $token->write(TRUE);
 
-  if (!empty($consumer->callback_url) && $consumer->callback_url !== 'oob') {
+  $callback = isset($form_state['values']['callback']) ? $form_state['values']['callback'] : $consumer->callback_url;
+
+  if (!empty($callback) && $callback !== 'oob') {
     // Pick the callback url apart and add the token parameter
-    $callback = parse_url($consumer->callback_url);
+    $callback = parse_url($callback);
     $query = array();
     if (!empty($callback['query'])) {
       parse_str($callback['query'], $query);