How to getTokenSilently without consent on localhost

Regarding callback URLs: is your question referring to the fragment URLs (# part in there)? The fragments are not needed. Just https://local-api:5000/ should be enough for example.

Sorry I might not have been clear. I mean if we need to remove any reference to localhost as the documentation you referenced mentioned:

http://localhost:3000, https://local-api:3000

VS

https://local-api:3000

in reference to:

Similarly, you cannot skip consent (even for first-party applications) if localhost appears in any domain in the Allowed Callback URLs setting (found in Dashboard > Applications > Settings). Make sure to update Allowed Callback URLs , and the callback URL you configured in your application, to match the updated domain-mapping.