Per T74186: Varnish: Mobile site redirect interferes with OAuth authorization process, applications should not use a nice URL (/wiki/Special:OAuth/authorize) for the authorize and authenticate endpoints because the mobile redirect interferes with the workflow. We should test if that's still the case (both the Varnish redirects and core authentication handling have been changed since) and fix it if so. But first of all, we need an easily reproducible way to test it.
Either create a locally executable tool which tests if the redirect is working (using e.g. oauthclient-php), or a web tool - maybe adapt https://oauth-hello-world.toolforge.org/ if @Anomie is OK with it.