Confusion about SPA and API, when user signs up

mahood73 · March 24, 2023, 1:45pm

I have created a very simple API, and it authenticates by means of JWT. At the moment, the only consumer of that API is a React SPA, which uses Auth0 for user signup and authentication.
Everything is working fine: when a user isn’t logged in, they don’t have access, and when they are, they do. I’m still developing it, so it’s not live yet.

My problem is around user sign up.

When a new user signs up, they’re immediately prompted to allow access to their account for the API. Given that I have created both, I don’t want that extra friction and a slightly alarming message.

I feel I must have set something up wrong - but I don’t know what, based on the docs. I have enabled Roles, although I don’t really need them yet. Might that be the problem?

I want a user to automatically be able to use the API when they sign up to the SPA, without needing to grant extra permissions, and I can’t figure out how.

Many thanks,

Mark

dan.woda · March 29, 2023, 7:24pm

Hi @mahood73,

The consent prompt can be skipped for first party applications (your app), unless you are developing on localhost. In this case, you will have to deploy a workaround for the prompt to be skipped on localhost, otherwise wait until you deploy the app.

More info: User Consent and Third-Party Applications

mahood73 · April 10, 2023, 12:51pm

Sorry, I missed your reply - this is indeed happening on localhost, so that explains it!

dan.woda · April 10, 2023, 12:53pm

Thanks for following up! Glad it was a simple fix.

system · April 24, 2023, 12:53pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.