I'm not certain if the OAuth flow is working as expected...
When initiating an OAuth flow for an existing and currently logged-in user, the OAuth pattern works as expected. After the OAuth consent screen is displayed, the flow correctly redirects the user to the redirect_uri.
However, if a user is NOT logged in, the flow works to the point of providing an Airtable login screen for the user and then drops them into their admin page WITHOUT an OAuth consent screen. I would have presumed that for users who have not logged in, Airtable would allow them to log in and then proceed to the OAuth consent process. As it stands now, users are dropped into Airtable without ever redirecting back to the calling site, leaving users stranded.
Thank you for the bug report! I'm an engineer on the API team at Airtable. This is unexpected behaviour that we are now looking into. I will keep you updated on our investigation, though as it is now the holiday period, it will take us some extra time to address.
As you mentioned, the workaround for now would be to ask users to log in to Airtable before starting the flow.
Hi @Ian_Erickson - Thanks for your patience! The team has been able to track down the issue - there is a bug in our redirect after login flow that interacts with how the URL parameters in the authorization URL are defined.
We’ll be looking into fixing this on our end, but for now, you could get around this on your end by making sure to URL-encode the redirect_uri and scope parameters when constructing your authorization URL.
We’ll add a note to our documentation about this as well.
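
The workaround described in the reply above, as an added example that is not part of the thread and is not Airtable's own code: it builds the authorization URL with `redirect_uri` and `scope` percent-encoded, and includes a check that flags a URL where they were left raw. The endpoint path, the parameters other than `redirect_uri` and `scope`, the scope names and all sample values are assumptions or placeholders.

```javascript
// Added example. The endpoint, client ID, redirect URI, scopes, state and
// code challenge below are assumptions/placeholders, not values from the thread.
const AUTHORIZE_ENDPOINT = "https://airtable.com/oauth2/v1/authorize";

const SAMPLE = { // constructed sample input
  clientId: "YOUR_CLIENT_ID",
  redirectUri: "https://app.example.com/callback",
  scopes: ["data.records:read", "schema.bases:read"],
  state: "constructed-state-value",
  codeChallenge: "constructed-code-challenge",
};

// Build the authorization URL with every parameter value percent-encoded.
function buildAuthorizationUrl({ clientId, redirectUri, scopes, state, codeChallenge }) {
  const params = {
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "code",
    scope: scopes.join(" "), // space-delimited scope list
    state,
    code_challenge: codeChallenge,
    code_challenge_method: "S256",
  };
  const query = Object.entries(params)
    .map(([name, value]) => `${name}=${encodeURIComponent(value)}`)
    .join("&");
  return `${AUTHORIZE_ENDPOINT}?${query}`;
}

// Return the named parameters whose raw value still contains characters
// (":", "/", "?", "#", whitespace) that should have been percent-encoded.
function underEncodedParams(authUrl, names = ["redirect_uri", "scope"]) {
  const query = authUrl.slice(authUrl.indexOf("?") + 1);
  const flagged = [];
  for (const pair of query.split("&")) {
    const eq = pair.indexOf("=");
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const raw = eq === -1 ? "" : pair.slice(eq + 1);
    if (names.includes(name) && /[:\/?#\s]/.test(raw)) flagged.push(name);
  }
  return flagged;
}

// Constructed "before" case: plain string concatenation, nothing encoded.
const NAIVE_URL = `${AUTHORIZE_ENDPOINT}?client_id=${SAMPLE.clientId}` +
  `&redirect_uri=${SAMPLE.redirectUri}&response_type=code` +
  `&scope=${SAMPLE.scopes.join(" ")}&state=${SAMPLE.state}`;
```

Running `underEncodedParams` over the authorization URLs an integration emits, for example in a unit test, catches a regression to raw concatenation before users hit the login redirect.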