diff --git a/rowers/templates/developers.html b/rowers/templates/developers.html
index b81bb596..117a4547 100644
--- a/rowers/templates/developers.html
+++ b/rowers/templates/developers.html
@@ -126,6 +126,10 @@
       expires,
       use the refresh token to refresh it.</p>
 
+    <p>The redirect URI for user authentication has to be <i>https</i>.
+      Developers of iOS or Android apps should contact me directly if
+      this doesn't work for them. I can add exceptions.</p>
+    
     <p>The POST call must have content-type: <i>x-www-form-urlencoded</i>.
       I set it this way to support the handy testing utility mentioned
       belower. However,
diff --git a/rowsandall_app/settings.py b/rowsandall_app/settings.py
index 6a7a614a..4b8ef550 100644
--- a/rowsandall_app/settings.py
+++ b/rowsandall_app/settings.py
@@ -324,6 +324,9 @@ GMAPIKEY = CFG['gmapikey']
 OAUTH2_PROVIDER = {
     # this is the list of available scopes
     'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'},
+    'ALLOWED_REDIRECT_URI_SCHEMES': ["http",
+                                     "https",
+                                     "rowingcoachexport"]
     # 'OAUTH2_BACKEND_CLASS': 'oauth2_provider.oauth2_backends.JSONOAuthLibCore'
 }