Disable the Consent Screen for Profile when Logging into Auth0 Applications

Problem statement

We would like users to seamlessly log in to their apps without having a one-time authorization for the profile.

Steps to Reproduce

The user signs up, or it’s migrated from another DB, yet it’s the first time login into the application.

Cause

Only first-party applications can skip the consent dialog, but only if the API they are trying to access on behalf of the user has the Allow Skipping User Consent option enabled.

Solution

The solution will depend on whether the audience is a Custom API or the Management API.

Audience is a Custom API
If the audience matches any Custom API from the tenant, it is possible to enable the “Allow Skipping User Consent” option for that API.

  1. From the left-hand menu within the Dashboard, navigate to Applications > API > {name-of-api}.
  2. Scroll down towards the bottom of the page until the "Allow Skipping User Consent" appears.
  3. Toggle this option to the green ( “on” ) position.

Screenshot 2023-11-24 at 10.35.27.png

Audience is the Management API

If the audience is the Management API, it is possible to determine whether an application is registered with Auth0 as a first-party or third-party application. This can be achieved by making a call to the Get-a-Client endpoint.

curl --request GET \ –url ‘https://{yourDomain}/api/v2/clients/%7ByourClientId%7D?fields=is_first_party&include_fields=true’ \ –header ‘authorization: Bearer {yourMgmtApiAccessToken}’

  1. Get an access token for use with the Management API
  2. Make the call to the Get-a-Client endpoint shown above, providing details of your Domain, Client_ID, and the Management API Access Token.

The outcome of this call will show either:

  • If the application is first-party, the is_first_party field will have a value of true.
  • If the application is third-party, the is_first_party field will have a value of false.

In a similar fashion, the is_first_party field can be updated by making a call to the Update-a-Client endpoint.

Related References