Confusion about SPA and API, when user signs up

I have created a very simple API, and it authenticates by means of JWT. At the moment, the only consumer of that API is a React SPA, which uses Auth0 for user signup and authentication.
Everything is working fine: when a user isn’t logged in, they don’t have access, and when they are, they do. I’m still developing it, so it’s not live yet.

My problem is around user sign up.

When a new user signs up, they’re immediately prompted to allow access to their account for the API. Given that I have created both, I don’t want that extra friction and a slightly alarming message.

I feel I must have set something up wrong - but I don’t know what, based on the docs. I have enabled Roles, although I don’t really need them yet. Might that be the problem?

I want a user to automatically be able to use the API when they sign up to the SPA, without needing to grant extra permissions, and I can’t figure out how.

Many thanks,


Hi @mahood73,

The consent prompt can be skipped for first party applications (your app), unless you are developing on localhost. In this case, you will have to deploy a workaround for the prompt to be skipped on localhost, otherwise wait until you deploy the app.

More info: User Consent and Third-Party Applications

Sorry, I missed your reply - this is indeed happening on localhost, so that explains it!

1 Like

Thanks for following up! Glad it was a simple fix.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.