Consent prompt cannot be skipped on Native first-party app

Hi,

I’m trying to suppress the consent (“Authorize App”) screen for a Native iOS first-party application, and despite working through the standard documentation, I can’t get it to skip.

Setup: Native iOS app using the Auth0 Swift SDK 2.x. The application has is_first_party=true, oidc_conformant=true, app_type=native, token_endpoint_auth_method=none. The audience is a custom API in the same tenant, with “Allow Skipping User Consent” enabled. The login request asks for scope “openid profile email offline_access” with prompt=login.

The consent screen appears on every login. I confirmed via GET /api/v2/grants that a grant exists for the exact (user, client, audience, scope) combination — same user, same client, same audience, same scope set as the request.

Things I already tried: switching the application type from Native to Regular Web App (still consent); switching the audience from the Management API to the custom API with the stored grant (still consent); using prompt=none for a silent flow (returns “consent_required” error even though the grant is present); dropping offline_access from the scope.

Hi @red_dash

Welcome to the Auth0 Community!

The most likely reason Auth0 is forcing the consent screen for your first-party Native application is the presence of a localhost URL somewhere in your application’s settings. If localhost exists anywhere in your “Allowed Callback URLs”, Auth0’s security engine completely ignores the “Allow Skipping User Consent” toggle and forces consent as if it were a third-party app.

If localhost was not in your settings, the secondary culprit is an Auth0 Action silently modifying your request.
Auth0 evaluates consent based on the final scopes requested after the pipeline runs. If you request openid profile email offline_access, but a custom Auth0 Action dynamically appends a custom scope (e.g., read:admin) to the token, Auth0 will see that the final scope list does not match the stored grant you verified via the Management API. Because a new scope was added, Auth0 will force the consent screen.

I would recommend temporarily disabling your Login Actions/Rules to see if the consent screen disappears.

Looking forward to your update!

Kind Regards,
Nik
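
The two checks suggested in the reply above (a localhost entry in the Allowed Callback URLs, and a final scope list that goes beyond the stored grant) can be run offline against exported Management API JSON. This is an added example, not part of the thread and not Auth0 code; the field names (`callbacks`, `is_first_party`, `skip_consent_for_verifiable_first_party_clients`, `clientID`, `user_id`, `audience`, `scope`) are assumed to match the client, resource server and grant responses, and all sample values are constructed placeholders. The final scope string is supplied by the operator, for example from the scope of an issued token.

```python
from urllib.parse import urlparse

# Constructed sample data, shaped like Management API responses (assumed field names).
CLIENT = {"client_id": "EXAMPLE_CLIENT_ID", "is_first_party": True,
          "callbacks": ["com.example.app://example.auth0.com/ios/com.example.app/callback",
                        "http://localhost:3000/callback"]}
API = {"identifier": "https://api.example.com",
       "skip_consent_for_verifiable_first_party_clients": True}
GRANTS = [{"clientID": "EXAMPLE_CLIENT_ID", "user_id": "auth0|constructed-user",
           "audience": "https://api.example.com",
           "scope": ["openid", "profile", "email", "offline_access"]}]


def localhost_callbacks(client):
    """Return the callback URLs whose host is localhost."""
    return [u for u in client.get("callbacks", [])
            if (urlparse(u).hostname or "").lower() == "localhost"]


def ungranted_scopes(grants, client_id, user_id, audience, final_scope):
    """Scopes in the final (post-Action) scope string that no stored grant covers."""
    granted = set()
    for g in grants:
        if (g["clientID"], g["user_id"], g["audience"]) == (client_id, user_id, audience):
            granted.update(g["scope"])
    return sorted(set(final_scope.split()) - granted)


def consent_findings(client, api, grants, user_id, final_scope):
    """Collect the conditions from the thread that would force the consent screen."""
    findings = []
    if not client.get("is_first_party"):
        findings.append("client is not first-party")
    if not api.get("skip_consent_for_verifiable_first_party_clients"):
        findings.append("API does not allow skipping consent")
    findings += [f"localhost callback: {u}" for u in localhost_callbacks(client)]
    missing = ungranted_scopes(grants, client["client_id"], user_id,
                               api["identifier"], final_scope)
    if missing:
        findings.append("scopes not in stored grant: " + " ".join(missing))
    return findings


if __name__ == "__main__":
    # The requested scopes plus one scope appended by an Action, as in the reply.
    for line in consent_findings(CLIENT, API, GRANTS, "auth0|constructed-user",
                                 "openid profile email offline_access read:admin"):
        print(line)
```

An empty result means none of the conditions named in the thread applies to the exported configuration.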