Cannot remove consent screen for first-party app

Hi everyone,

We’re using Auth0 in the company I work for, and we have the following integration situation:

  • A web app serving static content and acting as an authentication layer
  • An API serving the data
  • The web app authenticates the user with the OAuth2 Authorization Code flow
  • The Application in Auth0 for this web app is a “Regular Web Application” and it’s “OIDC Conformant”
  • The API in Auth0 has “Allow Skipping User Consent” enabled, and it has a few scopes we’re claiming in the Application (“use:ui” and “use:api”)
  • The Application was already PATCHed with “is_first_party: true” via the Management API
  • This integration is happening in a remote environment, therefore not in “localhost”

However, I just can’t seem to be able to disable the consent screen, and this is impacting us because the app authenticating the user belongs to us, it’s a first-party app indeed.

Any ideas of what might be wrong? Maybe we’re missing something from our configurations? Is there any parameter that has to be passed with a certain value for this to work?

Thanks!

Hi @diogo.baeder,

Welcome to the Auth0 Community!

The steps taken above seem to be the correct ones in order to skip user-consent for a first-party-application, but the 3 things that I was able to find that might interfere with accomplishing this might be:

  1. adding “prompt=consent” to your authorize call
  2. if localhost appears in any domain in the application’s Allowed Callback URLs setting
  3. this will also depend if the audience is a Custom API or the Management API - you can check out this Knowledge Article about this

Hope this helps your case, but others as well!
Thanks,
Remus
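The checks discussed in this thread can be run offline against the authorize URL and the two configuration objects. The following is an added example, not code from the thread or from Auth0. It assumes the client and API JSON come from the Management API, with `callbacks` holding the Allowed Callback URLs and `skip_consent_for_verifiable_first_party_clients` backing the "Allow Skipping User Consent" toggle; the tenant, URLs and client ID are constructed placeholders.

```python
from urllib.parse import urlparse, parse_qs


def consent_blockers(authorize_url, client, api):
    """Return the reasons a consent screen may still be shown."""
    reasons = []
    query = parse_qs(urlparse(authorize_url).query)

    # 1. "prompt" is a space-separated list; "consent" forces the screen.
    prompts = " ".join(query.get("prompt", [])).split()
    if "consent" in prompts:
        reasons.append("prompt=consent in authorize request")

    # 2. Any Allowed Callback URL whose host contains "localhost".
    for cb in client.get("callbacks", []):
        if "localhost" in (urlparse(cb).hostname or ""):
            reasons.append(f"localhost callback: {cb}")

    # 3. Audience: Management API (assumed to end in /api/v2/) vs. custom API.
    audience = query.get("audience", [""])[0]
    if urlparse(audience).path.rstrip("/").endswith("/api/v2"):
        reasons.append("audience is the Management API, not a custom API")
    elif audience != api.get("identifier"):
        reasons.append("audience does not match the API checked")

    # Settings the original post says were already applied.
    if not client.get("is_first_party"):
        reasons.append("is_first_party is not true")
    if not api.get("skip_consent_for_verifiable_first_party_clients"):
        reasons.append("Allow Skipping User Consent is off")
    return reasons


# Constructed sample data (placeholders, not values from the thread).
CLIENT = {"is_first_party": True,
          "callbacks": ["https://app.example.com/callback",
                        "http://localhost:3000/callback"]}
API = {"identifier": "https://api.example.com",
       "skip_consent_for_verifiable_first_party_clients": True}
URL = ("https://example-tenant.auth0.com/authorize?response_type=code"
       "&client_id=CLIENT_ID_PLACEHOLDER"
       "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback"
       "&scope=openid+use%3Aui+use%3Aapi"
       "&audience=https%3A%2F%2Fapi.example.com&prompt=login+consent")

if __name__ == "__main__":
    for reason in consent_blockers(URL, CLIENT, API):
        print("-", reason)
```

An empty list means none of the conditions named in the thread apply to the inputs given.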