Support Application Payload URI for http and localhost

The problem identified in Application Login URI field payload validation error for https://localhost:3000/authorize still hasn’t been fixed, and it’s making it difficult to test in development.

The workaround of using https://127.0.0.1/… doesn’t quite work because the dev server is expecting http, not https.

Is there some reason the engineers can enable non-https localhost for Allowed Callback URLs and Allowed Web Origins, but not Application Login URI?

Hi @sdtf,

As stated in this doc:

The login_url should point to a route in the application that ends up redirecting to Auth0’s /authorize endpoint, e.g. https://mycompany.org/login . Note that it requires https and it cannot point to localhost .

I don’t have a specific answer as to why it is required in this field versus the others you mentioned, but they address it specifically which suggests having a secure origin is important in this instance.

I would suggest formally making a feature request about this via our feedback page, this way the product team hears from you and can contact you with any questions.

Thanks,
Dan

Thanks for your reply. I submitted the feedback.

1 Like

We really appreciate it! Thanks.

Let us know if you have any other questions!

Dan

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.