IE 11 doesn't redirect on successful login when using cross-origin authentication

In IE11 (Windows 10), auth0-lock@10.23.1, the successful login is not redirecting back to our app. Here is a gif:
alt text

The link that is not redirected is:

https://amio.eu.auth0.com/authorize?client_id=W0fAQBgC5h4bEhJchWEEGsyxxXN0cr93&response_type=token&redirect_uri=http%3A%2F%2Flocalhost%3A9000%2Fapp%2Flogin&audience=https%3A%2F%2Fapp.amio.io&connection=amio-dev&sso=true&state=cBhnClbdjb2VjCieCMtFGi74-mjtGzhS&realm=amio-dev&login_ticket=Ek16dHGsGGe2pnDHMT15SSfXZ3BXbKIB&auth0Client=eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMC4yMy4xIiwibGliX3ZlcnNpb24iOiI4LjEwLjEifQ%3D%3D

Given that configuration and the Lock version being referenced you’re using cross-origin authentication which makes use of third-party cookies during the authentication flow. In addition to that you’re then using a localhost based origin for your testing which would likely imply that your application will fall under the IE 11 Local Intranet security zone (you can confirm it by right-clicking on an application client page and selecting the Properties action from the IE menu). Given that the flow will navigate to https://[your_domain].auth0.com/authorize which will likely by default fall within the IE 11 Internet security zone then you just crossed streams (which unless you’re up against a giant Marshmallow Man is not a good idea) causing the authentication flow to fail.

My recommendation would be for you to either manually ensure that both your application and your Auth0 domain fall within under the same security zone and then repeat the tests. You can either add sites to a zone manually or just use something other than localhost for development so that it gets treated as Internet security zone also by default.

Direct solution from @jmangelo’s answer:

Basically, use 127.0.0.1 instead of localhost.