Hi,

Im in the process of updating our implementation from Oauth 1 to Oauth 2, and I noticed you are now validating the Callback URL field (in the application) against the redirect_uri value Im sending in the request. 

I noticed it while debugging, because redirect_uri was set to localhost in the query. In order to make a quick test, I changed the Callback URL to: http://localhost:8003/Provider/FitbitCallback and it worked. (I was able to debug it before)

So here is the question: Since you are validating it, Is it possible to make it work with different subdomains? If yes, what value should be set in the Callback URL field?

For example: 

I have 3 subdomains, and this is what I have been sending in the redirect_ui (with Oauth 1):

subdomain1.mySite.com/Provider/FitbitCallback

subdomain2.mySite.com/Provider/FitbitCallback

subdomain3.mySite.com/Provider/FitbitCallback