OAuth fix

Fix OAuth HTTPS, www, slash, and query callback mismatches.

Use this fix when the provider and app point at the same callback conceptually, but differ by scheme, host, trailing slash, query string, or port.

When to use this fix

  • The OAuth error names a redirect_uri mismatch.
  • The app and provider are using the same environment but different URL components.
  • The mismatch is http vs https, www vs non-www, slash, query, or port.
  • You need a canonical production callback before editing provider settings.

When not to use this fix

  • The app is using the wrong OAuth client ID for the provider project.
  • The provider rejected scopes after accepting the redirect URI.
  • The token exchange fails with invalid_client after callback success.
  • The route itself returns a 404 after the provider redirects back.

Before and after callback

Before

Registered:
https://example.com/oauth/callback

App sends:
http://www.example.com/oauth/callback/

After

Registered:
https://example.com/oauth/callback

App sends:
https://example.com/oauth/callback

Use this before/after pair as a template and verify the same pattern against your own environment.

Canonical callback checklist

  1. Choose the production host users actually use: example.com or www.example.com.
  2. Choose HTTPS unless you are testing a provider-supported localhost flow.
  3. Copy the app-generated callback path exactly.
  4. Keep query parameters only if the app always sends them and the provider accepts them.
  5. Save the same exact URI in the provider dashboard and app configuration.
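A small diagnostic that applies the checklist above, added here as an example and not part of the original page: it pulls redirect_uri out of an authorization URL and reports which components (scheme, host, port, trailing slash, path, query) differ from the registered value, so the fix targets the right setting. The sample URLs and the provider host provider.example are constructed placeholders.

```python
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit, parse_qs


def redirect_uri_from_auth_url(auth_url: str) -> Optional[str]:
    """Extract the (percent-decoded) redirect_uri from an authorization URL."""
    params = parse_qs(urlsplit(auth_url).query)
    values = params.get("redirect_uri")
    return values[0] if values else None


def diff_redirect_uri(registered: str, sent: str) -> Dict[str, Tuple]:
    """Compare the app-sent redirect_uri against the registered one.

    Providers compare the strings exactly, so an empty result means the
    callback will pass the redirect_uri check. Otherwise each key names a
    component that differs, with (registered, sent) values.
    """
    if registered == sent:
        return {}
    r, s = urlsplit(registered), urlsplit(sent)
    diffs: Dict[str, Tuple] = {}
    if r.scheme != s.scheme:          # http vs https
        diffs["scheme"] = (r.scheme, s.scheme)
    if r.hostname != s.hostname:      # www vs non-www
        diffs["host"] = (r.hostname, s.hostname)
    if r.port != s.port:              # explicit port vs none
        diffs["port"] = (r.port, s.port)
    if r.path != s.path:
        if r.path.rstrip("/") == s.path.rstrip("/"):
            diffs["trailing_slash"] = (r.path, s.path)
        else:
            diffs["path"] = (r.path, s.path)
    if r.query != s.query:            # query string present on one side only
        diffs["query"] = (r.query, s.query)
    if not diffs:                     # e.g. case or fragment differences
        diffs["other"] = (registered, sent)
    return diffs


if __name__ == "__main__":
    # Constructed authorization URL reproducing the "Before" case above.
    auth = ("https://provider.example/authorize?client_id=abc&response_type=code"
            "&redirect_uri=http%3A%2F%2Fwww.example.com%2Foauth%2Fcallback%2F")
    sent = redirect_uri_from_auth_url(auth)
    print(sent, diff_redirect_uri("https://example.com/oauth/callback", sent))
```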

Common false positives

  • The provider accepts both HTTP and HTTPS for localhost, but not for production domains.
  • The browser redirects www to non-www, but OAuth providers compare the redirect_uri string before any redirect on your site is followed.
  • A reverse proxy shows HTTPS publicly while the app generates HTTP internally.
  • A trailing slash can be significant even if your web server normalizes it later.

Verification checklist

  • The authorization URL contains the exact expected redirect_uri.
  • The provider dashboard contains the same URI in the redirect/callback field.
  • The app is using the matching OAuth client ID for that dashboard entry.
  • The next failure, if any, moves past redirect URI comparison into code or token handling.