I understand why Auto0 is set up by default to prompt the user to grant access to the client. And that’ll come in handy when I start opening up other clients to my data and APIs.
But my first client is MY application and these are MY users. Is there a way I can configure that client so that when a user logs in they will “automatically grant” that client access without the extra prompting?
Thanks!
Kevin
You can enable the Allow Skipping User Consent
setting in the API settings. If this setting is enabled, this API will skip user consent for clients flagged as First Party:
Dashboard > APIs > Your API > Allow skipping user consent
Read here for more info on first party vs third party clients.
My client is already set up as a First Party (according to the documentation, it’s 1st by default).
My API is already set to skip consent.
But after creating a new user with the Auth0v2 API, I’m still getting prompted to authorize “access to your profile”. I would like to skip that step as well. What else and I missing?
did you set prompt:none
?
I am a total Auth0 noob so you’ll have to be a little more specific about where you set “prompt:none”. Where is that option? Thanks!
My client is already set up as a First Party (according to the documentation, it’s 1st by default).
My API is already set to skip consent.
But after creating a new user with the Auth0v2 API, I’m still getting prompted to authorize “access to your profile”. I would like to skip that step as well. What else and I missing?
I am a total Auth0 noob so you’ll have to be a little more specific about where you set “prompt:none”. Where is that option? Thanks!
See the answers provided in this post:
http://community.auth0.com/questions/286/how-do-i-skip-the-consent-page-for-my-api-authoriz
You cannot have any Allowed Callback URLs
pointing to localhost
.
That was it! It was because I was working locally. When I deployed to the server it skipped as expected. Thanks for pointing that out!
Sorry for that.
In the auth0 constructor. Example:
new auth0.WebAuth({
domain,
clientID,
redirectUri,
prompt: ‘none’,
scope: ‘openid profile offline_access’,
audience: https://${domain}/userinfo
,
responseType: ‘token’
})
I’m using the angular sample to get started so I modified mine to be:
// Initialization for the angular-auth0 library
angularAuth0Provider.init({
clientID: AUTH0_CLIENT_ID,
domain: AUTH0_DOMAIN,
responseType: 'token id_token',
audience: AUTH0_AUDIENCE,
redirectUri: AUTH0_CALLBACK_URL,
scope: REQUESTED_SCOPES,
leeway: 30,
prompt: 'none'
});
But it’s still prompting “My New App would like access to your mynewapp account”. Anything else I could be missing?