I wonder if your problem isn’t the the callback URL at all but is how you are calling the authorize endpoint “in terminal”. Are you trying to curl it? I hope it’s clear that OAuth 2.0’s authorization code flow requires the browser.
There’s nothing wrong with a localhost callback URL. In this previous thread, I shared a CLI tool that does that: