When you register a GitHub App, you can specify a callback URL. When you use the web application flow to generate a user access token in order to act on behalf of a user, users will be redirected to the callback URL after they authorize the GitHub App.
For security reasons, we recommend specifying multiple callback URLs and expecting an exact match when the user is redirected. If you only want to specify a single callback URL, you can use wildcards in the URL, but this is a less secure approach.
You can specify up to 10 callback URLs. If you specify multiple callback URLs, you can use the redirect_uri parameter when you prompt the user to authorize your GitHub App, to indicate which callback URL the user should be redirected to. If you do not specify redirect_uri, the first callback URL will be used. For more information about using the redirect_uri parameter, see "Generating a user access token for a GitHub App".
The callback URL is different from the setup URL. Users are redirected to the setup URL after they install a GitHub App. Users are redirected to the callback URL when they authorize a GitHub App via the web application flow. For more information, see "About the setup URL."
For more information about generating user access tokens, see "Generating a user access token for a GitHub App". For more information about registering a GitHub App, see "Registering a GitHub App." For more information about modifying a GitHub App registration, see "Modifying a GitHub App registration."