cryptoadvance / specter-desktop

A desktop GUI for Bitcoin Core optimised to work with hardware wallets
MIT License

Issues with the oauth2 flow to integrate Swan #2294

Open moneymanolis opened 1 year ago

moneymanolis commented 1 year ago
  1. The link in the email with the OTP is sometimes missing the redirectTo parameter. Without it, the link just leads the user to login and the flow breaks.
  2. With the redirectTo parameter, the flow breaks at the oauth/consent endpoint.

You cannot approve the scope and you are not redirected back to the redirect URI specified in the original OAuth2 URL (back to Specter). However, the user still gets logged in. If he tries again to link the account in Specter the flow works.

moneymanolis commented 1 year ago

"Solution" suggestion: The linking of the account / integration seems to work fine if the user is logged in before he hits the “Link your account” button. Until the above issues are fixed, we could at least add an info box in the UI to inform the user that the integration only works reliably if he manually logs in first. @moritzwietersheim

aphex3k commented 1 year ago

I cannot confirm the suggestion.

  1. I am logged in on app.swanbitcoin.com
  2. I am logged in on Specter Desktop at localhost:25441
  3. When I click "Link your Account" it goes to this URL and shows the below error
    https://api.swanbitcoin.com/oidc/auth?client_id=specter&redirect_uri=http://localhost:25441/svc/swan/oauth2/callback&response_type=code&response_mode=query&code_challenge=<redacted>&code_challenge_method=S256&state=<redacted>&scope=offline_access%20v1%20write:vendor_wallet%20read:vendor_wallet%20write:automatic_withdrawal%20read:automatic_withdrawal&prompt=consent
[Screenshot of the error page, 2023-09-01]
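The authorization URL quoted in the comment above is a standard OAuth 2.0 authorization-code request with PKCE (S256). The following Python is an added example, not code from specter-desktop or from Swan: it rebuilds that request from its parameters, derives the S256 code challenge from a code verifier (RFC 7636), and validates the redirect that should land on the redirect_uri (registered callback URL, state match, error parameter, presence of the code) before the code is exchanged. Only the authorization endpoint, client_id, redirect_uri and scopes are taken from the URL in the issue; the helper names and the token endpoint are assumptions.

```python
import base64
import hashlib
import secrets
from typing import Optional
from urllib.parse import urlencode, urlparse, parse_qs, quote

# Values copied from the authorization URL quoted in the issue above.
AUTH_ENDPOINT = "https://api.swanbitcoin.com/oidc/auth"
CLIENT_ID = "specter"
REDIRECT_URI = "http://localhost:25441/svc/swan/oauth2/callback"
SCOPES = [
    "offline_access", "v1",
    "write:vendor_wallet", "read:vendor_wallet",
    "write:automatic_withdrawal", "read:automatic_withdrawal",
]
# Assumption: the token endpoint is not shown on the page; placeholder only.
TOKEN_ENDPOINT = "https://api.swanbitcoin.com/oidc/token"


def b64url_nopad(raw: bytes) -> str:
    """RFC 7636 base64url: URL-safe alphabet, '=' padding stripped."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """32 random bytes -> 43 unreserved chars, inside RFC 7636's 43..128 range."""
    return b64url_nopad(secrets.token_bytes(32))


def make_code_challenge(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(state: str, code_challenge: str) -> str:
    """Same parameters, in the same order, as the URL Specter sends the user to."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "response_mode": "query",
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
        "state": state,
        "scope": " ".join(SCOPES),       # space-separated, encoded as %20 below
        "prompt": "consent",             # always show the consent screen
    }
    # quote_via=quote gives %20 for spaces (as in the issue) instead of '+'.
    return AUTH_ENDPOINT + "?" + urlencode(params, quote_via=quote)


def parse_callback(callback_url: str, expected_state: str) -> dict:
    """Checks the redirect back to Specter; returns {'code': ...} or raises ValueError."""
    parsed = urlparse(callback_url)
    landed_on = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
    if landed_on != REDIRECT_URI:
        raise ValueError(f"callback landed on {landed_on}, not the registered redirect_uri")
    q = parse_qs(parsed.query)
    # state binds this response to the request we issued; a mismatch means a
    # stale/foreign session or a CSRF attempt, so the code must not be used.
    if q.get("state", [""])[0] != expected_state:
        raise ValueError("state mismatch")
    if "error" in q:
        # e.g. access_denied when the consent step fails, as reported in this issue
        raise ValueError(f"authorization server error: {q['error'][0]} "
                         f"{q.get('error_description', [''])[0]}".strip())
    if "code" not in q:
        raise ValueError("no authorization code in callback")
    return {"code": q["code"][0]}


def callback_rejected(callback_url: str, expected_state: str) -> Optional[str]:
    """Rejection reason for a callback, or None when it is acceptable."""
    try:
        parse_callback(callback_url, expected_state)
        return None
    except ValueError as exc:
        return str(exc)


def build_token_request(code: str, code_verifier: str) -> dict:
    """Form body for the code exchange; the verifier proves we started the flow."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": code_verifier,
    }


if __name__ == "__main__":
    verifier = make_code_verifier()
    state = secrets.token_urlsafe(16)
    print(build_authorization_url(state, make_code_challenge(verifier)))
    # Constructed sample callback, standing in for what the browser would send.
    sample = f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={state}"
    print(build_token_request(parse_callback(sample, state)["code"], verifier))
```

Specter keeps the verifier and state server-side between the two requests; if the user is bounced through an OTP login in between and the session that issued the state is lost, the callback fails the state check and the flow has to be restarted, which matches the "works on the second attempt" behaviour described in the issue.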