URL Encode Redirect URLs — Encode Callback & Return URLs
Quick Answer: When passing a full URL as a query parameter (e.g., redirect_uri or return_url), the entire URL must be encoded. The colons, slashes, and query string of the redirect URL become percent-encoded so they do not break the outer URL structure.
FAQ
Why do redirect URLs need encoding?
A URL inside a query parameter contains characters (? & = /) that conflict with the outer URL structure. Encoding prevents the inner URL from being parsed as part of the outer query string.
How do I encode a redirect_uri for OAuth?
Apply encodeURIComponent() to the entire redirect URL: ?redirect_uri=https%3A%2F%2Fexample.com%2Fcallback. Most OAuth libraries handle this automatically.