The problem identified in Application Login URI field payload validation error for https://localhost:3000/authorize still hasn’t been fixed, and it’s making it difficult to test in development.
The workaround of using https://127.0.0.1/… doesn’t quite work because the dev server is expecting http, not https.
Is there some reason the engineers can enable non-https localhost for Allowed Callback URLs and Allowed Web Origins, but not Application Login URI?
Hi @sdtf,
As stated in this doc:
The
login_urlshould point to a route in the application that ends up redirecting to Auth0’s/authorizeendpoint, e.g.https://mycompany.org/login. Note that it requireshttpsand it cannot point tolocalhost.
I don’t have a specific answer as to why it is required in this field versus the others you mentioned, but they address it specifically which suggests having a secure origin is important in this instance.
I would suggest formally making a feature request about this via our feedback page, this way the product team hears from you and can contact you with any questions.
Thanks,
Dan
Thanks for your reply. I submitted the feedback.
We really appreciate it! Thanks.
Let us know if you have any other questions!
Dan