In its readiness checks, Auth0 strongly suggests not having localhost domains as allowed callback URLs.
When developing front-end code, chances are it will be served by a local dev server, e.g. at http://localhost:3000. This means that to authenticate when developing, the OIDC provider must allow a redirect to http://localhost:3000.
Are Auth0's warnings about localhost legitimate?
What are some good solutions for handling these conflicting requirements?
Note: This question is about Auth0, but the problem applies to building SPAs with OIDC in general.