Google Social Login - 2 Consent Prompts?

gal2 · October 26, 2022, 7:56am

Hi Auth0 community,

We are developing an app which will require users to consent to give us long term Google calendar read/write permissions (we utilize the Google refresh token retrieved in this flow) which forces us to use prompt: "consent" when redirecting to the /authorize Auth0 url.

In our current implementation, we see that users need to go through 2 consent screens: the first one is Google’s (which lists the connection scopes we demanded - offline access & calendar scopes). The second one is Auth0’s itself. This feels redundant since in the first consent screen the user has already consented to even more intrusive permissions.

Is there a way to somehow skip the second consent screen? It seems like our Auth0 application is requesting access to the Auth0 user that was created in the previous step (after consenting the first time)?

First consent screen:

Second:

tyf · October 27, 2022, 10:48pm

Hey there @gal2!

Is the application that triggered this flow your own application? If so, it’s considered first party and the consent screen can be configured to be skipped:

https://auth0.com/docs/get-started/applications/confidential-and-public-applications/user-consent-and-third-party-applications#skip-consent-for-first-party-applications

Keep us posted!

gal2 · October 30, 2022, 8:40am

Hi tyf,

I tried changing our audience to an API which skips consent screen, but that didn’t help unfortunately

Please notice that my prompt is consent - otherwise I wouldn’t be able to get google’s refresh token.