I am testing Hydra locally,
I have an identity provider service implementing login and consent flow, it interacts correctly with Hydra.
At the end of the flow, the final redirection, Hydra returns an error saying I am using an insecure protocol, which is the case, it also tells me I can use an unsecure protocol using localhost suffix in the URL.
“The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed” error=invalid_request hint="Redirect URL is using an insecure protocol, http is only allowed for hosts with suffix
localhost, for example: http://myapp.localhost/."
My problem is I am using the exact URL the hint suggests and I have still the same error.
This is the performed request with the redirect_uri parameters (which is saved as `http://myapp.localhost/ in the database):
GET on /oauth2/auth?client_id=my-client&grant_type=authorization_code&scope=read&redirect_uri=http%3A%2F%2Fmyapp%2Elocahost%2F&response_type=code&state=thisisarandomstring`
Did I miss some Hydra configuration to allow correctly unsecure protocol or something else ?
Thanks for you help !