Back to list

HTTPS-only redirect URI requirement hinders local development

4/10 Low

Some OAuth providers (e.g., Box) require HTTPS for redirect URIs, making it difficult or impossible to test locally with HTTP URLs like `http://localhost:5001`.

OAuth 2.0
Category
dx
Workaround
partial
Stage
debug
Freshness
declining
Scope
single_lib
Upstream
no_issue
Recurring
No
Buyer Type
individual
Maintainer
slow

Sources

Collection History

Query: “What are the most common pain points with OAuth 2.0 for developers in 2025?3/31/2026

The redirect URL settings requires HTTPS which can be difficult if you're trying to test locally (for instance my test app runs on http://localhost:5001 which is accepted every where else).

Created: 3/31/2026Updated: 3/31/2026