How can I automatically grant access to a client for a user without prompting the user?

kwarnke · June 18, 2017, 3:43am

I understand why Auto0 is set up by default to prompt the user to grant access to the client. And that’ll come in handy when I start opening up other clients to my data and APIs.

But my first client is MY application and these are MY users. Is there a way I can configure that client so that when a user logs in they will “automatically grant” that client access without the extra prompting?

Thanks!
Kevin

prashantT · June 19, 2017, 7:34am

You can enable the Allow Skipping User Consent setting in the API settings. If this setting is enabled, this API will skip user consent for clients flagged as First Party:

Dashboard > APIs > Your API > Allow skipping user consent

Read here for more info on first party vs third party clients.

kwarnke · July 2, 2017, 3:00am

My client is already set up as a First Party (according to the documentation, it’s 1st by default).
My API is already set to skip consent.
But after creating a new user with the Auth0v2 API, I’m still getting prompted to authorize “access to your profile”. I would like to skip that step as well. What else and I missing?

fredguth · July 2, 2017, 4:08am

did you set prompt:none ?

kwarnke · July 2, 2017, 4:22am

I am a total Auth0 noob so you’ll have to be a little more specific about where you set “prompt:none”. Where is that option? Thanks!

kwarnke · July 2, 2017, 3:00am

My client is already set up as a First Party (according to the documentation, it’s 1st by default).
My API is already set to skip consent.
But after creating a new user with the Auth0v2 API, I’m still getting prompted to authorize “access to your profile”. I would like to skip that step as well. What else and I missing?

kwarnke · July 2, 2017, 4:22am

I am a total Auth0 noob so you’ll have to be a little more specific about where you set “prompt:none”. Where is that option? Thanks!

prashantT · July 3, 2017, 5:13am

See the answers provided in this post:
http://community.auth0.com/questions/286/how-do-i-skip-the-consent-page-for-my-api-authoriz

You cannot have any Allowed Callback URLs pointing to localhost.

kwarnke · July 3, 2017, 7:59am

That was it! It was because I was working locally. When I deployed to the server it skipped as expected. Thanks for pointing that out!

fredguth · July 2, 2017, 11:16am

Sorry for that.
In the auth0 constructor. Example:
new auth0.WebAuth({
domain,
clientID,
redirectUri,
prompt: ‘none’,
scope: ‘openid profile offline_access’,
audience: https://${domain}/userinfo,
responseType: ‘token’
})

kwarnke · July 2, 2017, 9:00pm

I’m using the angular sample to get started so I modified mine to be:

 // Initialization for the angular-auth0 library
    angularAuth0Provider.init({
      clientID: AUTH0_CLIENT_ID,
      domain: AUTH0_DOMAIN,
      responseType: 'token id_token',
      audience: AUTH0_AUDIENCE,
      redirectUri: AUTH0_CALLBACK_URL,
      scope: REQUESTED_SCOPES,
      leeway: 30,
      prompt: 'none'
    });

But it’s still prompting “My New App would like access to your mynewapp account”. Anything else I could be missing?