Hello,
I’ve read through the docs and can’t find why I’m getting the consent screen in the following scenario:
I’m developing a mobile app using Expo and using a browser to authenticate the user.
I open the browser pointing to {AUTH0_DOMAIN}/authorize and pass everything required by the code (PKCE) grant flow + scope=offline_access and audience=https://integrator.com as that’s the API I want to authorize.
The API has Allow Skipping User Consent turned on, and the app has a redirect URI exp://127.0.0.1:19000/.
From what I understand, I shouldn’t see the consent screen, but when I try to log in, I see it. Is there some bug or am I missing something?
The consent screen will always show up for localhost and 127.0.0.1. There’s no way to disable the screen for those particular URLs, as localhost isn’t a verifiable first party and only first party applications can skip consent.
Wow, thanks for the fast reply! I’ve found out myself that if I used Expo’s AuthSession (which proxies the redirection through their server) it would work great.
I got confused because I first went through that flow, then refactored my app (because I don’t want that proxying) and it continued to work (without prompting me) up until I revoked the user’s accesses (for debugging).
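An added example, not code from anyone in this thread: a Node.js sketch that builds the /authorize request for the code + PKCE flow described in the question and flags a redirect URI whose host is localhost or 127.0.0.1, the two hosts the reply says always get the consent screen. The tenant domain and client ID are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example; tenant domain and client ID are constructed placeholders.
const nodeCrypto = require("node:crypto");

// Hosts the reply names as always triggering the consent screen.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1"]);

// PKCE S256: challenge = BASE64URL(SHA-256(ASCII(verifier))), unpadded (RFC 7636).
function pkceChallenge(verifier) {
  return nodeCrypto.createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// True when the redirect URI's host is one of the loopback names above,
// whatever the scheme (exp://, http://, ...).
function isLoopbackRedirect(redirectUri) {
  return LOOPBACK_HOSTS.has(new URL(redirectUri).hostname.toLowerCase());
}

// Build the /authorize URL for the authorization code + PKCE flow.
function buildAuthorizeRequest({ domain, clientId, redirectUri, audience, scope }) {
  const verifier = nodeCrypto.randomBytes(32).toString("base64url"); // 43 chars
  const state = nodeCrypto.randomBytes(16).toString("base64url");    // CSRF binding
  const url = new URL(`https://${domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    audience,
    scope,
    state,
    code_challenge: pkceChallenge(verifier),
    code_challenge_method: "S256",
  }).toString();
  // verifier and state stay on the device; only the URL goes to the browser.
  return { url: url.toString(), verifier, state, loopbackRedirect: isLoopbackRedirect(redirectUri) };
}

const request = buildAuthorizeRequest({
  domain: "tenant.example.com",          // placeholder for {AUTH0_DOMAIN}
  clientId: "CLIENT_ID_PLACEHOLDER",     // placeholder
  redirectUri: "exp://127.0.0.1:19000/", // redirect URI from the question
  audience: "https://integrator.com",    // audience from the question
  scope: "offline_access",               // scope from the question
});
if (request.loopbackRedirect) {
  console.warn("Loopback redirect URI: expect the consent screen on this build.");
}
```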