Is this a feature request or bug report? other question
Yesterday we made a change to our Auth0 configuration to skip confirmation in an API for a first party application following reading this docs page:
However, we found that we were able to leave localhost in the allowed callback URLs for the application, and still have the consent prompt skipped on our verified production URL (which is what we want).
I read the doc the same way. I would expect it won’t skip the prompt if you have LH as a registered callback URI. Is it still triggering when you run your app on LH? Let me know, I will suggest an update to the doc.
Sorry for the delay. I needed to set some time aside to test this before requesting a review. I set it up this morning and can confirm the behavior. I’ll put in a request from the team and let you know here when I have a response.