So hey @saenzramiro8, we have been discussing Electron use internally for a little while. I think your issue could be that the flow you’re using isn’t designed to be used in Electron.
We’re currently recommending Electron apps use the Authorization Code Grant + PKCE, as we would recommend with native apps.
Here is a guide to setting that up: Call Your API Using the Authorization Code Flow with PKCE
My limited understanding of this issue is that using Implicit Grant instead of Authorization Code Grant + PKCE is that it is vulnerable to a local app acting as a fake endpoint for the token, essentially becoming a man-in-the-middle attack that can take your token (and maybe pass it back to Electron, so you never know!)
The specific CORS error you’re running into is probably related to not being able to register a local domain on our dashboard as an origin, I’m not sure you’d want to either. It wouldn’t be very secure due to the man-in-the-middle attack risk.