Consent screen showing up, despite Allow Skipping User Consent

Hello,
I’ve read through the docs and can’t find why I’m getting the consent screen in the following scenario:
I’m developing a mobile app using expo and using a browser to authenticate the user.
I open the browser pointing to {AUTH0_DOMAIN}/authorize and pass everything required by the code (pcky) grant flow + scope=offline_access and audience=https://integrator.com as that’s the api I want to authorize.

The API has Allow Skipping User Consent turned on, and the app has a redirect uri exp://127.0.0.1:19000/,
for what I understand, I shoulnd’t see the consent screen, but when I try to log in, I see it. Is there some bug or am I missing something?

1 Like

The consent screen will always show up for localhost and 127.0.0.1. There’s no way to disable the screen for those particular URLs, as localhost isn’t a verifiable first party and only first party applications can skip consent.

2 Likes

Cześć Jędrzej!

@thijmen96 is right. It’s always like that in terms of localhost and 127.0.0.1 because of first-party restrictions.

Hope it helps!

1 Like

Hi/Cześć :slight_smile:

Wow, thanks for the fast reply! I’ve found out myself, that if I used expo’s AuthSession (which proxies the redirection through their server) it would work great.

I got confused because I first went through that flow, then refactored my app (because I don’t want that proxying) and it continued to work (without prompting me) up until I revoked the user’s accesses (for debugging).

1 Like

Great that you’ve figured it out!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.