The login_url should point to a route in the application that ends up redirecting to Auth0’s /authorize endpoint, e.g. https://mycompany.org/login . Note that it requires https and it cannot point to localhost .
I don’t have a specific answer as to why it is required in this field versus the others you mentioned, but they address it specifically which suggests having a secure origin is important in this instance.
I would suggest formally making a feature request about this via our feedback page, this way the product team hears from you and can contact you with any questions.