Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The standard says that, when redirecting back to the app, the service provider should append the oauth_token and oauth_verifier parameters to any existing parameters in the callback url (section 6.2.3, http://oauth.net/core/1.0a/#auth_step2):
The callback URL MAY include Consumer provided query parameters. The Service Provider MUST retain them unmodified and append the OAuth parameters to the existing query.
The submit function for the authorize form does not apply consumer provided query parameters as it is now.
http://cgit.drupalcode.org/oauth/tree/oauth_common.pages.inc
Comments
Comment #1
timbrandin CreditAttribution: timbrandin commented#2350645: Correct OAuth 1.0a standard: Add missing callback url tracking.