From Github official documentation, these are the good/bad callback urls:
CALLBACK: http://example.com/path
GOOD: http://example.com/path
GOOD: http://example.com/path/subdir/other
BAD: http://example.com/bar
BAD: http://example.com/
BAD: http://example.com:8080/path
BAD: http://oauth.example.com:8080/path
BAD: http://example.org
Does this mean that having a subdomain as a callback URL is bad ? (knowing that the homepage is also a subdomain)
I tested oauth with the domain example.com in development (configured in my /etc/hosts to use localhost) but when I deployed to production where I use a subdomain (subdomain.mydomain.com), I had this error:
?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch&state=IDDbDeU3IyLe
