- Which SDK this is regarding: auth0-spa-js
- SDK Version: 1.13.5
- Platform Version: e.g. Node 12.11.1
- Code Snippets/Error Messages/Supporting Details/Screenshots:
Is this a feature request or bug report? other question
Yesterday we made a change to our Auth0 configuration to skip confirmation in an API for a first party application following reading this docs page:
However, we found that we were able to leave localhost in the allowed callback URLs for the application, and still have the consent prompt skipped on our verified production URL (which is what we want).
The documentation and other comment threads on the matter appear to suggest that this shouldn’t work. E.g. Disable Authorize App dialog
Is our use here, were we leave localhost in the allowed callbacks, unsupported or is this just my misreading of the documentation?