I am evidently one of the very few people on this entire platform that uses Auth0 for an Electron app.
I have developed an Electron app that uses the Universal Login, and when a user signs up and creates an account, they are met with that “Allow consent…” dialog because I have to use “localhost” in my Allowed Callback URLs list. I used your own Electron guide to set this up like a year ago.
Unfortunately, as the User Consent and Third-Party Applications states, Auth0 does not allow you to skip consent (even for first-party applications) if localhost appears in any domain in the application’s Allowed Callback URLs setting.
For local development, you should be using a separate dev tenant. You can use the Deploy CLI Tool to export/import your current tenant configuration into a new dev tenant (instead of recreating everything manually)
That is unfortunate because, like I previously stated, Auth0’s own Electron guide also encourages and requires you to use localhost in the Allowed Callback URLs.
Because an Electron app is a downloadable application existing on a client’s machine, and not a centrally-hosted server, I see no way around requiring localhost to be in the Allowed Callback URLs.
Is there some other way to make this work with Electron apps that I am not seeing?
@displagent I found this post that talks about a similar issue when localhost is used in Allowed Callback URLs, I hope the solution provided in the post helps
It looks like this is impossible to solve in Auth0. The link provided above references a GitHub repo that states to add “file:///” to the Allowed Callback URLs in the Auth0 dashboard for an Electron app, but it does not work from what I can see as of 2023-10-24.
Disappointing that Auth0 does not have a workaround for this. Oh well.
