Auth0 Home Blog Docs

How can I automatically grant access to a client for a user without prompting the user?

login
user
allow
automatically

#1

I understand why Auto0 is set up by default to prompt the user to grant access to the client. And that’ll come in handy when I start opening up other clients to my data and APIs.

But my first client is MY application and these are MY users. Is there a way I can configure that client so that when a user logs in they will “automatically grant” that client access without the extra prompting?

Thanks!
Kevin


#2

You can enable the Allow Skipping User Consent setting in the API settings. If this setting is enabled, this API will skip user consent for clients flagged as First Party:

Dashboard > APIs > Your API > Allow skipping user consent

Read here for more info on first party vs third party clients.


#3

My client is already set up as a First Party (according to the documentation, it’s 1st by default).
My API is already set to skip consent.
But after creating a new user with the Auth0v2 API, I’m still getting prompted to authorize “access to your profile”. I would like to skip that step as well. What else and I missing?


#4

did you set prompt:none ?


#5

I am a total Auth0 noob so you’ll have to be a little more specific about where you set “prompt:none”. Where is that option? Thanks!


#6

My client is already set up as a First Party (according to the documentation, it’s 1st by default).
My API is already set to skip consent.
But after creating a new user with the Auth0v2 API, I’m still getting prompted to authorize “access to your profile”. I would like to skip that step as well. What else and I missing?


#7

I am a total Auth0 noob so you’ll have to be a little more specific about where you set “prompt:none”. Where is that option? Thanks!


#8

See the answers provided in this post:
https://community.auth0.com/questions/286/how-do-i-skip-the-consent-page-for-my-api-authoriz

You cannot have any Allowed Callback URLs pointing to localhost.


#9

That was it! It was because I was working locally. When I deployed to the server it skipped as expected. Thanks for pointing that out!


#10

Sorry for that.
In the auth0 constructor. Example:
new auth0.WebAuth({
domain,
clientID,
redirectUri,
prompt: ‘none’,
scope: ‘openid profile offline_access’,
audience: https://${domain}/userinfo,
responseType: ‘token’
})


#11

I’m using the angular sample to get started so I modified mine to be:

 // Initialization for the angular-auth0 library
    angularAuth0Provider.init({
      clientID: AUTH0_CLIENT_ID,
      domain: AUTH0_DOMAIN,
      responseType: 'token id_token',
      audience: AUTH0_AUDIENCE,
      redirectUri: AUTH0_CALLBACK_URL,
      scope: REQUESTED_SCOPES,
      leeway: 30,
      prompt: 'none'
    });

But it’s still prompting “My New App would like access to your mynewapp account”. Anything else I could be missing?


#12