Consent prompt text

Hello, we are testing Auth0 to allow users to login via Facebook and Google. Can we change the text on the consent screen? Currently it shows the following. It would be nice if the text would be a little more plain english.

image

The following will not exactly answer your specific question, however, from the screenshot shared I’m assuming that the application that triggered this flow is your own application. In other words, the organization that owns/controls the application is the same that owns the Auth0 tenant.

In this case the application would be considered a first-party application (https://auth0.com/docs/applications/first-party-and-third-party-applications) which would also mean that the likely reason you’re actually seeing the consent prompt is a side-effect of you possibly still being in development and running the application in localhost (https://auth0.com/docs/authorization/user-consent-and-third-party-applications#skip-consent-for-first-party-applications).

If the above is correct, the consent prompt should not even be in the equation as first-party applications are unlikely to need to trigger the consent prompt unless they are still being run in localhost due to testing.

In conclusion, it may be worthwhile for you to review if you actually going to depend on the consent prompt (for example, you will have third-party applications for which consent can’t be skipped) before spending additional time with the contents of the prompt.

Now, to the question itself, if you haven’t gone through (https://auth0.com/docs/scopes/customize-consent-prompts) yet, it may be relevant to read as it covers some possibilities for customization of that prompt although if I recall correctly it may still not allow full customization of everything.

Aloha Jmangelo,

Thanks for the quick response. We are currently testing this on Nalula.com It shouldn’t be setup for localhost. But this is our first time using Auth0 and I suspect we might be using it wrong. Not sure.

So are you saying we do not need a consent screen at all? We do own the auth0 tenant and the Nalula application. I guess I got confused on the first party - third party documentation. We would prefer to not have a consent screen but I was under the impression we need one. Can you confirm if we need one or not?

We are only implementing this login so that a user can save their favorite properties on the site. We do save their email to our DB and the properties the liked etc.

Based on your description, given that the application doing the login is your own service you should not technically require a consent prompt. Having one may even be slightly confusing to the user because you own the Auth0 domain/service so it will likely be branded as Nalula.

Given the application from which they start the login will also be Nalula, the consent prompt would basically be something like Nalula (the application) is requesting access to your information in Nalula (the identity provider service where you have a Nalula account).

On the other hand the above would make sense if the client application is owned by a different party; now, there’s still the question of why you’re getting the consent. I’m afraid the consent may be triggered by several distinct situations (where localhost would only be one of them). Can I try to login to nalula.com with a test Google account to see if I get the consent prompt and from there try to identify what might be causing it?

Yes, please run a test. It does indeed say Nalula needs access to Nalula. So I would imagine we do not need a consent screen. I just want to make sure. When you’re done testing I can delete your information from our DB. We only collect email/name so you can save properties and watch their status and share them with friends.

I really appreciate your time and feedback. You guys have been most helpful already. Let me know.

I did a quick test just now and I was not shown the consent page; I did notice that the login is passing an audience parameter associated with the Management API and I believe that one by default is not configured to skip consent. If you updated the Management API settings to skip consent that would explain the outcome I got; if not, I may have missed something as I did not get consent.

I did turn off the consent screen as I don’t believe it’s necessary. Thank you for your time an help!