Nothing stopping you from redirecting a code response redirect from the authorization server. Have a shim server return 302 from `http://localhost/subdomain/oauth?code=...` to `http://subdomain.localhost/oauth?code=...`…
Seriously, the QR is just a URI that any QR reader can decode (preferably one you trust). https://github.com/google/google-authenticator/wiki/Key-Uri-...
Nothing stopping you from redirecting a code response redirect from the authorization server. Have a shim server return 302 from `http://localhost/subdomain/oauth?code=...` to `http://subdomain.localhost/oauth?code=...`…
Seriously, the QR is just a URI that any QR reader can decode (preferably one you trust). https://github.com/google/google-authenticator/wiki/Key-Uri-...