EDIT: It looks like my callback URL was not correct, but instead of actually receiving the “Oops something went wrong” page with that error detail, I just received a 403 and had to authenticate again. I’m not sure which of the three attempted suggestions worked (incognito with no extensions, disabling the two flags mentioned, or switching to a custom domain), but I will update if I can narrow that down at all.
EDIT 2: It looks like there may have been two issues, both only viewable in the source of the response to the network request in Chrome dev tools:
- For the `403` response to `/authorize`: the list of callback URLs must, for some reason, include both `https://example.com` AND `https://example.com/callback`.
- For the `400` response to `/authorize`: the list of allowed web origins must, for some reason, include both `https://example.com` AND `https://example.com/`.
The latter of the two issues was encountered on a tenant that did not have a custom domain, so that solution was likely unnecessary. It is possible that both of these issues were due to configuration problems on my end, but I really think the documentation should be clearer about these things.