jvogt
localhost needs to be done from the server unless it’s a VM and you have port forwarding. Other than that you can send your complaints to MS as they require HTTPS or localhost addresses. You can let it use HTTPS and then just manually change the URL on redirect to HTTP. But I’m not sure if that will let you refresh tokens afterwards.
Cheers.