pow-auth / pow_assent

Multi-provider authentication for your Pow enabled app
https://powauth.com
MIT License

Configuration for redirect_uri not being used during authentication flow for Apple Provider #249

Open dionridley opened 6 months ago

dionridley commented 6 months ago

It appears the redirect_uri config is not being respected during the authentication flow for the Apple provider. I don't know if this is true of all providers, as I've only tested this with the Apple provider.

My application configuration is as follows.

Mix.exs

      ...
      {:phoenix, "~> 1.7.2"},
      ...
      {:pow_assent, "~> 0.4.18"},
      {:certifi, "~> 2.4"},
      {:ssl_verify_fun, "~> 1.1"}
      ...

config.exs

      config :my_app, :pow_assent,
        providers: [
          ...
          apple: [
            client_id: System.get_env("APPLE_OAUTH_CLIENT_ID"),
            team_id: System.get_env("APPLE_OAUTH_TEAM_ID"),
            private_key_id: System.get_env("APPLE_OAUTH_PRIVATE_KEY_ID"),
            private_key_path: System.get_env("APPLE_OAUTH_PRIVATE_KEY_PATH"),
            redirect_uri: System.get_env("APPLE_OAUTH_REDIRECT_URI"),
            strategy: Assent.Strategy.Apple
          ]
        ]

This is an issue for me because Apple does not allow you to use an http address (like localhost) for your domain or callback. I attempted to use ngrok to give me an https address for the server, which works, but when you get redirected it appears to be using the configured host and port from Phoenix's config.exs files to tell it what the redirect_uri should be.

Even after attempting to hack my way out of it by switching those to match the server so they get passed along, it still fails, as my local server isn't https, so it passes an http address to Apple.

Am I missing something in how this should be configured, or is this a bug? Also, is there a way to configure this to always use the hostname the client is browsing vs. the configuration on the server? I can see scenarios where the deployment environment might want the client's URL vs. the server's configuration.
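
On the closing question about using the hostname the client is browsing: that host comes from the request and is client-controlled, so a redirect_uri derived from it should pass an https and allowlist check before it is sent to the provider. The module below is an added example, not code from this issue or from pow_assent/Assent; the module name `RedirectUriPolicy`, the host names and the callback path are constructed for illustration.

```elixir
defmodule RedirectUriPolicy do
  # Hypothetical helper, not a pow_assent or Assent API.
  # Constructed sample hosts: a production host and a tunnel host for local dev.
  @allowed_hosts ["app.example.com", "abc123.ngrok.example"]

  # Accepts only https URLs, without userinfo, whose host is on the allowlist.
  def validate(candidate, allowed_hosts \\ @allowed_hosts) when is_binary(candidate) do
    case URI.parse(candidate) do
      %URI{scheme: "https", host: host, userinfo: nil} when is_binary(host) ->
        if String.downcase(host) in allowed_hosts,
          do: {:ok, candidate},
          else: {:error, :host_not_allowed}

      %URI{scheme: "http"} ->
        {:error, :insecure_scheme}

      _ ->
        {:error, :invalid_uri}
    end
  end

  # Prefers the explicitly configured redirect_uri. Falls back to the host the
  # client sent only when that host passes the same checks.
  def choose(configured, request_host, callback_path) do
    case configured do
      uri when is_binary(uri) and uri != "" -> validate(uri)
      _ -> validate("https://" <> request_host <> callback_path)
    end
  end
end

# Constructed inputs.
path = "/auth/apple/callback"

# Configured tunnel URL wins over the local Phoenix host.
IO.inspect(RedirectUriPolicy.choose("https://abc123.ngrok.example" <> path, "localhost:4000", path))

# No configured value and an unknown Host header: rejected.
IO.inspect(RedirectUriPolicy.choose(nil, "attacker.example", path))

# Host header that hides the real host behind userinfo: rejected.
IO.inspect(RedirectUriPolicy.choose(nil, "app.example.com@attacker.example", path))

# Plain http, as produced by a local non-TLS endpoint: rejected.
IO.inspect(RedirectUriPolicy.validate("http://localhost:4000" <> path))
```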