<p></p>
<blockquote>
<p dir="auto">Have you already authorized the application? What happens if you remove that authorization - does it work then?</p>
</blockquote>
<p dir="auto">If the application is already authorized then we get "stuck" at the login screen with the reported failure.</p>
<p dir="auto">If not then everything works as expected without any error. First the login screen appears, then the "grant permissions" page, where the confirmation successfully closes the web view and redirects to our app.</p>
<blockquote>
<p dir="auto">I suspect what is happening is that login is redirecting to authorize which is then redirecting to your callback because the application was already authorized and the browser is applying the original policy from login rather than the one send by the redirect to authorize.</p>
</blockquote>
<p dir="auto">Sounds plausible to me.</p>
<blockquote>
<p dir="auto">That's a pain because it means reducing the policy for login even more :-(</p>
</blockquote>
<p dir="auto">I see, but couldn't this be at least made exceptional? So it is only loosened when containing the redirect to the ouath authorization end point?</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/issues/3424#issuecomment-1014383685">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLKDSEISTDUACWEJJGTUWPXZ5ANCNFSM5MEDWCMQ">unsubscribe</a>.<br />Triage notifications on the go with GitHub Mobile for <a href="https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675">iOS</a> or <a href="https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub">Android</a>.
<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/AAK2OLNI5FE4BJRA2U67YALUWPXZ5A5CNFSM5MEDWCM2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOHR3EIRI.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><openstreetmap/openstreetmap-website/issues/3424/1014383685</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/issues/3424#issuecomment-1014383685",
"url": "https://github.com/openstreetmap/openstreetmap-website/issues/3424#issuecomment-1014383685",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>