MDL-53832 was being tested, 2 problems were raised about configuration not matching expectations to make the provider/consumer couple to work:
1) It seems that the consumer requires slasharguments (pathinfo) working in the server.
2) It seems that the provider does use server_name (instead of wwwroot, or htttp_host...) and if it's missconfigured, the consumer fails because it does not matches its signature expectations.
So this is about to discuss both cases (1 & 2) and see if we can make something to lower configuration requirements in order to get them working often. More specifically:
1) Can we make the consumer to work without pathinfo.
2) Should us normalize all Oauth signatures (it seems we have right now 3 versions of them in core) to use something better (wwwroot, or http_host, or maybe also consider HTTP_X_FORWARDED_xxx headers...). Custom modification and then PR upstream...
That's it. For a little bit more of context, see the the original issue and the related comments.
I'm initially marking this as must fix, to avoid forgetting it. Let's see how it evolves.... also, maybe some of the changes could be candidate to backport, as they are pre-existing.