Accessing the Users Token requires consent after login

Help
,
1

I am attempting to use getAccessTokenSilently to get the access token after the user logins in.

Currently, the root of my application looks like this:

import React from 'react'
import ReactDOM from 'react-dom/client'
import App from './AppEntryPoint/App.tsx'
import { Auth0Provider } from '@auth0/auth0-react'

ReactDOM.createRoot(document.getElementById('root')!).render(
  <React.StrictMode>
    <Auth0Provider domain={dev-asdf.us.auth0.com} clientId={ARandomString} authorizationParams={{
        redirect_uri: window.location.origin,
        scope: "read:current_user update:current_user_metadata"
      }}>
      <App />
    </Auth0Provider>
  </React.StrictMode>,
)

First, the user is prompted to sign in:

image
image1420×589 10.9 KB

From here I click with Google:

image
image1477×1636 66.9 KB

After this, it loads the profile component where I attempt to get the user’s token

import { useAuth0 } from "@auth0/auth0-react";
import { useEffect } from "react";

export const  Profile = () => {
    const { user, isAuthenticated, getAccessTokenSilently } = useAuth0()
    useEffect(() => {
        const getUserData = async () => {
        
            try {
              const accessToken = await getAccessTokenSilently({
                authorizationParams: {
                  audience: `https://dev-asdf.us.auth0.com/api/v2/`,
                  scope: "read:current_user",
                },
              });
                
            } catch (e: any) {
              console.log(e.message);
            }
          };
        
          getUserData();
    }, [isAuthenticated])
    return (
        <>
            {isAuthenticated && (<div>
                {JSON.stringify(user)}
            </div>)}
        </>
    )
}

However, I get a “consent required” error despite the user already consenting to log into the application.

I can access the user object and it displays {"sub":"google-oauth2|<NumberGoesHere>"} when displayed on the screen

3

Hi @michaelnicol71,

This is likely because you are developing on localhost which is not a verifiable first party application. Because of this, you can’t skip the Auth0 consent prompt.

To get around this, you can register your application following this workaround:

https://auth0.com/docs/get-started/applications/confidential-and-public-applications/user-consent-and-third-party-applications#skip-consent-for-first-party-applications

4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.