URL Encode OAuth Callback URLs
Quick Answer: OAuth 2.0 requires the redirect_uri parameter to be URL-encoded when included in authorization URLs. The encoded redirect_uri must exactly match one of the registered redirect URIs in your OAuth provider settings (character for character, including encoding).
FAQ
Does redirect_uri encoding need to match registration?
Yes. The decoded redirect_uri must exactly match a registered URI. Most OAuth providers compare after decoding, but some compare the encoded form.
Can I use localhost in OAuth redirect_uri?
Most providers allow http://localhost (no HTTPS required) for development. Register http://localhost:3000/callback or your dev server port.