Use of HTTP URLs in iOS Since Version 10

Problem statement

The documentation for the Quickstart for iOS/MacOS apps describes how to setup Allowed Callback URLs in the format of:


However this app fails in production with the following error:

Use publicly-accessible Allowed Callback URLs for all Applications


Check the version of iOS that is in use when this error is encountered. This issue is likely to be encountered with iOS 10 and later versions.


It is not possible to use HTTP URLs as OAuth callbacks on iOS since iOS 10. It is necessary to use a custom scheme.


Refer to OAuth 2.0 redirection with Universal Links should NOT require user interaction for details of a workaround that involves setting up an interstitial page with a button to redirect to the app.