The OpenID Connect specification states that localhost is not a valid hostname when application type is web and grant is Implicit.
From OpenId Connect Specitication (application_type)
Web Clients using the OAuth Implicit Grant Type MUST only register URLs using the https scheme as redirect_uris; they MUST NOT use localhost as the hostname.
It later states
This prevents sharing a Client ID across different types of Clients.
How does disallowing localhost prevent sharing? Directly specifying a local ip address, such as 127.0.0.1 is still allowed.