Need to be able use use non-SSL localhost for development

I’ve been hooking up all the various complex elements of your auth solution and have hit a barrier when trying to request an access token. I’m sure you’re familiar with this “requires consent” problem even when the skip flag is enabled. The issue is that it doesn’t work with http://localhost. We do front-end development locally against a development tenant and need to be able to use our current local development solution without jumping through a ton of hoops to get local SSL up and running.

Furthermore, this “Requires consent” issue is extremely poorly documented. Granted it’s part of the OpenId spec, but it’s unclear how this relates to API roles and permissions, which are often controlled by the application owner, and not by the user.

Hi @geoffatsource

Welcome to the Auth0 Community, it’s great to have you here :slight_smile:

I’m wondering whether it’s not the fact that you’re running your app on http but rather you’re running it on localhost. A workaround might be to map localhost to a local domain as suggest here https://auth0.com/docs/get-started/applications/confidential-and-public-applications/user-consent-and-third-party-applications#skip-consent-for-first-party-applications

Regards

Unfortunately the Auth0 client API fails with an error saying it does not support http (only https) in that case.