Google login vs email/password login "Consent required"?

Hey there, i noticed something weird while working on my application which is when i signup an account with gmail for example and assign a role to it and try to acess jwt in my react front-end it works normal and return a JWT with permissions, but when i use email/password login and confirm the account i get “Consent required” when i try to get the user token with permissions but it still login in?
i tried to edit Database settings to allow all applications access or at least the ones i need, but still doesn’t work?
any idea please what is causing that

here is a snippet of the code responsible for fetching token :

const App: FC = ()  => {
 const [setToken, setRole] = useStore(state => [ state.setToken, state.setRole])
 const { getAccessTokenSilently, user } = useAuth0();

 useEffect(() => {
   const setUserMetadata = async () => {
       try {
         const accessToken = await getAccessTokenSilently({
           audience: import.meta.env.VITE_REACT_APP_AUDIENCE
         });

         setToken(accessToken)
         console.log(accessToken);
         

         const p = jwt(accessToken!) as {permissions: string[]}
         
         // user permissions
         const permissions = p.permissions
         console.log(permissions);
         

         //handle permissions
   
       } catch(e: any) {
         console.log(e.message);
       }
       
   };
   
   setUserMetadata()
   
 }, [getAccessTokenSilently, user?.sub]);

and here is my custom provider:

const AuthProviderWithHistory = ({ children }: {children?: JSX.Element[] | JSX.Element}) => {

    const domain = import.meta.env.VITE_REACT_APP_AUTH0_DOMAIN;
    const clientId = import.meta.env.VITE_REACT_APP_AUTH0_CLIENT_ID;
    const redirectUri = import.meta.env.VITE_REACT_APP_AUTH0_CALLBACK_URL;
  
    const onRedirectCallback = (appState?: AppState) => {
      history.push(
        appState && appState.returnTo ? appState.returnTo : window.location.pathname
      );
    };
  
    if (!(domain && clientId)) {
      return null;
    }
  
    return (
      <Auth0Provider
        domain={domain}
        clientId={clientId}
        redirectUri={redirectUri}
        onRedirectCallback={onRedirectCallback}
scope="read:current_user update:current_user_metadata"
      >
        {children}
      </Auth0Provider>
    );
}

export default AuthProviderWithHistory

EDIT:
i had to put the audience in my custom Auth0Provider like this in order to get permissions :

const AuthProviderWithHistory = ({ children }: {children?: JSX.Element[] | JSX.Element}) => {

    const domain = import.meta.env.VITE_REACT_APP_AUTH0_DOMAIN;
    const clientId = import.meta.env.VITE_REACT_APP_AUTH0_CLIENT_ID;
    const redirectUri = import.meta.env.VITE_REACT_APP_AUTH0_CALLBACK_URL;
    const audience = import.meta.env.VITE_REACT_APP_AUDIENCE
  
    const onRedirectCallback = (appState?: AppState) => {
      history.push(
        appState && appState.returnTo ? appState.returnTo : window.location.pathname
      );
    };
  
    if (!(domain && clientId)) {
      return null;
    }
  
    return (
      <Auth0Provider
        domain={domain}
        clientId={clientId}
        redirectUri={redirectUri}
        onRedirectCallback={onRedirectCallback}
        scope="read:current_user update:current_user_metadata"
        audience={audience}
      >
        {children}
      </Auth0Provider>
    );
}

export default AuthProviderWithHistory

and my App now looks like this:

const App: FC = ()  => {
  const [setToken, setRole] = useStore(state => [ state.setToken, state.setRole])
  const { getAccessTokenSilently, user } = useAuth0();

  useEffect(() => {
    const setUserMetadata = async () => {
        try {
          const accessToken = await getAccessTokenSilently();

          setToken(accessToken)
          console.log(accessToken);
          

          const p = jwt(accessToken!) as {permissions: string[]}
          
          // user permissions
          const permissions = p.permissions
          console.log(permissions);
          

          permissions.includes("crud:baristas") && permissions.includes("crud:managers") && permissions.includes("delete:users") && permissions.includes("block-unblock:users") ? 
          setRole("admin") : permissions.includes("crud:baristas") ?
          setRole("manager") : permissions.includes("crud:globalMenu") ?
          setRole("barista") : setRole("customer")
    
        } catch(e: any) {
          console.log(e.message);
        }
        
    };
    
    setUserMetadata()
    
  }, [getAccessTokenSilently, user?.sub]);

return ...

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.