I've set my site up as an OAuth provider (so our user community can automatically access protected resources on other sites without creating new accounts).
The site correctly provides oauth_token & oauth_token_secret at:
It also correctly shows the authorization form at:
Although the authorization happens fine, I expect it to use the oauth_callback GET parameter to send the user back to the correct location on the other site.
Setting up a callback url in the Consumer settings means it jumps back to that one location, but shouldn't it just use the callback url specified in oauth_callback.
It looks like
function oauth_common_form_authorize() in oauth_common.pages.inc uses
$consumer->callback_url (i.e. the fixed address in Consumer settings) to redirect the user, ignoring
$callback = $req->get_parameter('oauth_callback'); further up.
Does anyone know what should be happening here?