Documentation clarification for skipping consent for first-party applications

  • Which SDK this is regarding: auth0-spa-js
  • SDK Version: 1.13.5
  • Platform Version: e.g. Node 12.11.1
  • Code Snippets/Error Messages/Supporting Details/Screenshots:

Is this a feature request or bug report? other question

Hello,

Yesterday we made a change to our Auth0 configuration to skip confirmation in an API for a first party application following reading this docs page:

However, we found that we were able to leave localhost in the allowed callback URLs for the application, and still have the consent prompt skipped on our verified production URL (which is what we want).

The documentation and other comment threads on the matter appear to suggest that this shouldn’t work. E.g. Disable Authorize App dialog

Is our use here, were we leave localhost in the allowed callbacks, unsupported or is this just my misreading of the documentation?

Hi @charlie.egan,

Welcome to the Community!

I read the doc the same way. I would expect it won’t skip the prompt if you have LH as a registered callback URI. Is it still triggering when you run your app on LH? Let me know, I will suggest an update to the doc.

Hello Dan, thank you for responding.

On first time login to the application, when on localhost, the consent is shown.

On first time login, when using the verified production URL, the consent is not shown.

We have both localhost and our domain set in ‘Allowed Callback URLs’.

So it seems to me that the documentation doesn’t describe the behavior we’re seeing. I’m interested to know if this is a fault in the docs or if we’re relying on an unsupported edge case.

1 Like

@dan.woda would you be able to clarify if it is the docs which are incorrect? (rather than this being an unsupported behaviour)

1 Like

Sorry for the delay. I needed to set some time aside to test this before requesting a review. I set it up this morning and can confirm the behavior. I’ll put in a request from the team and let you know here when I have a response.

Thanks Dan for taking the time to replicate our use case. Much appreciated. Let’s see what they say.

Hello @dan.woda, have you had a chance to look into this yet?

Hi @charlie.egan,

I am waiting to hear back from the team. I’ll update the thread when I have a response.

Thanks for the update. Keep us posted.

1 Like

Hi @dan.woda - aware there’s been some company news but wondering if anyone’s had a moment to look over this yet?

We’re running this in production and keen to confirm it’s a supported configuration.