Drupal Association members fund grants that make connections all over the world.
I've set my site up as an OAuth provider (so our user community can automatically access protected resources on other sites without creating new accounts).
The site correctly provides oauth_token & oauth_token_secret at:
It also correctly shows the authorization form at:
Although the authorization happens fine, I expect it to use the oauth_callback GET parameter to send the user back to the correct location on the other site.
Setting up a callback url in the Consumer settings means it jumps back to that one location, but shouldn't it just use the callback url specified in oauth_callback.
It looks like
function oauth_common_form_authorize() in oauth_common.pages.inc uses
$consumer->callback_url (i.e. the fixed address in Consumer settings) to redirect the user, ignoring
$callback = $req->get_parameter('oauth_callback'); further up.
Does anyone know what should be happening here?