Consent Required but no prompt when calling API

andrew.groat · December 20, 2021, 4:28pm

Hi,

I’m attempting to call a web api that I have created in dotnet core 5 from my Angular application. I’ve followed the quickstarts, Call an API, and ASP.NET Core Web API.

When I setup my Angular app to call the users API in the quickstart it comes up with a prompt for consent ok. However, when I change over all the settings to call my own web api, I don’t get a prompt for consent, I just get a Consent Required error.

I am developing both locally, so the angular app url is localhost:4200 and my web api is localhost:44310.

Any guidance on how to grant consent, or get the prompt would be much appreciated.

Thanks.

rueben.tiow · December 20, 2021, 10:29pm

Hi @andrew.groat,

Welcome to the Auth0 Community!

First, could you please clarify if you used the consent=prompt parameter in your request?

If not, I recommend passing the consent=prompt parameter in your /authorize request.

For example:

https://YOUR_DOMAIN/authorize?
    response_type=code&
    client_id=YOUR_CLIENT_ID&
    redirect_uri=https://YOUR_APP/callback&
    scope=SCOPE&
    audience=API_AUDIENCE&
    state=STATE&
    prompt=consent

Once this is complete, the consent prompt will be displayed during login.

Please let me know if there’s anything else I can do to help.

Thank you.

andrew.groat · December 21, 2021, 8:57am

Hi Rueben,

Thanks for getting back to me. I’ve checked the network traffic to get the URL that is called and it does NOT have the consent=prompt parameter.

How do I get this parameter added to the URL? My setup is based off the quickstart example, so I am not setting the URL myself anywhere in code. Is there something that should be set in the app module where I am importing the AuthModule?

My setup in the app module currently looks like this:

AuthModule.forRoot({
domain: ‘xxx.eu.auth0.com’,
clientId: ‘yyyyyyyy’,
// Request this audience at user authentication time
audience: ‘https://xxx.eu.auth0.com/api/v2/’,
// Request this scope at user authentication time
scope: ‘read:current_user’,
// Specify configuration for the interceptor
httpInterceptor: {
allowedList: [
{
// Match any request that starts ‘https://YOUR_DOMAIN/api/v2/’ (note the asterisk)
uri: ‘https://localhost:44310/*’,
tokenOptions: {
// The attached token should target this audience
audience: ‘https://localhost:44310/’,
// The attached token should have these scopes
scope: ‘read:current_user’
}
}
]
}
})

Thanks.

andrew.groat · January 4, 2022, 2:12pm

Hi,

Looking for any further updates on this.

Thanks.

rueben.tiow · January 4, 2022, 5:20pm

Hi @andrew.groat,

Thank you for your responses.

I have just gone ahead and tested this myself with the Angular Quickstart you shared in your initial post. After testing, I could successfully get the consent prompt when calling my API.

In this case, you can specify the audience and scope parameters in your AuthModule.forRoot, which should be adequate to prompt consent from the user.

It may also be the case where the user has previously provided consent and no longer asked, so you may need to revoke their authorization or increase authorization to ask the user for consent again.

See this doc:

Please let me know how this goes for you.

Thanks.

andrew.groat · January 10, 2022, 9:21am

Thanks Rueben,

I have figured out the issue. I had updated the uri and audience in the httpInterceptor section, but not the audience below the client id. Once I updated it, then it worked ok.

system · January 25, 2022, 9:22am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.