This is definitely a question about software development And I'd strongly argue the casual user at docusign is not trying to navigate their oAuth. This is definitely something only a dev would do. I am developing a Next.JS app with DocuSign API integration using Authorisation Code Grant oAuth. It was working fine, but the app is un-reviewed. As I tinkered with it, I flipped the switch that said that my app can store a client secret so I could try JWT auth instead of authorisation code grant. This broke everything, but when I try to switch it back, I get "This integration key could not be updated. Please try again in a moment.". It's been days now. I can make a new app, but I get the same thing when I try to edit it.
A video of the issue is here: https://imgur.com/a/7AQzJjl
I have checked the callback uri and cors addresses for non-allowed characters, as per the other stack overflow question on the subject. They're fine. No issues there. I expected to be able to save the settings changes and get on with getting the app working correctly.
Turns out we recently made a change to not allow localhost as an origin. The reason you had it like that before is that we didn't enforce it earlier. The reason for this is that it's a security issue because localhost is not really your own DNS, everyone can use localhost.
While we understand localhost can be used for testing in the developer account, we had this as a strict rule, but we're discussing if it can be relaxed for developers only (so when you go live to production, you won't be able to use localhost for sure).
For now, just remove localhost and you should be good.
Workaround that may work use https://127.0.0.1 instead of https://localhost and see if that works for you.