Status code for "Callback URL is invalid" is set improperly to a 500 error.

[jtsternberg]

If the $response is a json_oauth1_invalid_callback WP_Error Object, the response code gets set to 500 because the WP_Error Object does not have any error_data. I don't pretend to know the reasoning for how this set up, but I'm 99% sure that a 500 is the wrong error code for 'Callback URL is invalid' and it results in clients not receiving that error and surfacing it to their users (because 500 errors are assumed to not have a useable request body).