Cannot remove consent screen for first-party app

Hi everyone,

We’re using Auth0 in the company I work for, and we have the following integration situation:

  • A web app serving static content and acting as an authentication layer
  • An API serving the data
  • The web app authenticates the user with the OAuth2 Authorization Code flow
  • The Application in Auth0 for this web app is a “Regular Web Application” and it’s “OIDC Conformant”
  • The API in Auth0 has “Allow Skipping User Consent” enabled, and it has a few scopes we’re claiming in the Application (“use:ui” and “use:api”)
  • The Application was already PATCHed with “is_first_party: true” via the Management API
  • This integration is happening in a remote environment, therefore not in “localhost”

However, I just can’t seem to be able to disable the consent screen, and this is impacting us because the app authenticating the user belongs to us, it’s a first-party app indeed.

Any ideas of what might be wrong? Maybe we’re missing something from our configurations? Is there any parameter that has to be passed with a certain value for this to work?

Thanks!

Hi @diogo.baeder,

Welcome to the Auth0 Community!

The steps taken above seem to be the correct ones in order to skip user-consent for a first-party-application, but the 3 things that I was able to find that might interfere with accomplishing this might be:

  1. adding “prompt=consent” to your authorize call
  2. if localhost appears in any domain in the application’s Allowed Callback URLs setting
  3. this will also depend if the audience is a Custom API or the Management API - you can check out this Knowledge Article about this

Hope this helps your case, but others as well!
Thanks,
Remus
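
The three checks from the reply, together with the preconditions listed in the question, can be run against an exported Application and API configuration. This is an added example, not part of either post and not Auth0's own code. It assumes the Management API field names `callbacks`, `identifier` and `skip_consent_for_verifiable_first_party_clients`, assumes the Management API audience has the form `https://<tenant-domain>/api/v2/` with the authorize host as the tenant domain, and uses constructed sample values throughout.

```python
from urllib.parse import urlsplit, parse_qs

def consent_blockers(client, api, authorize_url):
    """Return (code, detail) pairs for settings that can keep the consent screen on."""
    found = []
    url = urlsplit(authorize_url)
    params = parse_qs(url.query)
    audience = params.get("audience", [""])[0]

    # Preconditions listed in the question.
    if not client.get("is_first_party"):
        found.append(("not_first_party", "client is not is_first_party"))
    if not api.get("skip_consent_for_verifiable_first_party_clients"):
        found.append(("skip_disabled", "API has Allow Skipping User Consent off"))
    if audience != api.get("identifier"):
        found.append(("audience_mismatch", f"audience {audience!r} is not the checked API"))

    # 1. prompt is a space-delimited list, so "login consent" also counts.
    if "consent" in " ".join(params.get("prompt", [])).split():
        found.append(("prompt_consent", "authorize call sends prompt=consent"))

    # 2. localhost in the host part of any Allowed Callback URL.
    for cb in client.get("callbacks", []):
        if "localhost" in (urlsplit(cb).hostname or ""):
            found.append(("localhost_callback", cb))

    # 3. Custom API vs Management API (identifier form is an assumption,
    #    and so is treating the authorize host as the tenant domain).
    if audience == f"https://{url.hostname}/api/v2/":
        found.append(("management_api_audience", audience))
    return found

# Constructed sample data, not taken from the thread.
SAMPLE_CLIENT = {
    "is_first_party": True,
    "callbacks": ["https://app.example.com/callback", "http://localhost:3000/callback"],
}
SAMPLE_API = {
    "identifier": "https://api.example.com/",
    "skip_consent_for_verifiable_first_party_clients": True,
}
SAMPLE_URL = (
    "https://tenant.example/authorize?response_type=code&client_id=abc"
    "&audience=https%3A%2F%2Fapi.example.com%2F"
    "&scope=openid%20use%3Aui%20use%3Aapi&prompt=login%20consent"
)

if __name__ == "__main__":
    for code, detail in consent_blockers(SAMPLE_CLIENT, SAMPLE_API, SAMPLE_URL):
        print(f"{code}: {detail}")
```

An empty result means none of the listed conditions was found in the supplied configuration and authorize URL.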
