Actually, I think I may have just figured it out! I searched the auth-form JS for the string "We were unable to complete this request.", searched around the nearby code, and was able to step through the code where the auth form fetches and handles response of GET https://plex.tv/api/v2/pins/info?code=....
By looking at the response of GET https://plex.tv/api/v2/pins/info?code=..., I noticed that the origin field was null, but the code which handles the response specifically checks that the Origin and the forwardUrl's hostname are the same:
So, I tried adding Origin: header to the initial pin creation POST https://plex.tv/api/v2/pins?strong=true request and voila I was redirected to my forwardUrl!
@duncanbeeversAdmin I wonder if it is worth amending Authenticating with Plex to reflect this requirement for people planning to make use of forwardUrl?
Cheers,
Bo
