Problem statement
The documentation for the Quickstart for iOS/MacOS apps describes how to setup Allowed Callback URLs in the format of:
YOUR_BUNDLE_IDENTIFIER://{yourDomain}/ios/YOUR_BUNDLE_IDENTIFIER/callback
However this app fails in production with the following error:
Use publicly-accessible Allowed Callback URLs for all Applications
Troubleshooting
Check the version of iOS that is in use when this error is encountered. This issue is likely to be encountered with iOS 10 and later versions.
Cause
It is not possible to use HTTP URLs as OAuth callbacks on iOS since iOS 10. It is necessary to use a custom scheme.
Solution
Refer to OAuth 2.0 redirection with Universal Links should NOT require user interaction for details of a workaround that involves setting up an interstitial page with a button to redirect to the app.