I am doing development work on a new web app (Angular front-end OWIN ASP.NET backend). I had created a couple of users manually in the Auth0 dashboard several months ago and am trying to manually create another now but can’t figure out how to add my Auth0 Application to the list of Authorized Applications for the new user.
Can I not do this manually? If not, what User Management API endpoint do I use.
I’ve been searching for answers for the last hour with no luck.
Hi Emmanuel.
You don’t need to (nor you can) manually add “Authorized Applications” to the user.
Depending on the configuration of the application and the type of token that the application is requesting, the user might get a consent prompt on the first time he or she tries to access the application (like “Application xxxx is asking permission to access your user profile”). Once the user gives consent, the application will appear under the list of “Authorized applications”
For more information on consent, take a look at User Consent and Third-Party Applications
You can query or delete these user consents (“grants”) using the dashboard like you are doing now, or with grants endpoints of the Management API v2:
Thank you. Yes, I remember that the logins created for developers several months ago prompted for consent on first login. Now, however, that consent isn’t requested anymore (we have not touched the authentication/authorization code since then). I gather not having consent is what causes the “unauthorized” “Access denied” error when the new developer tries to log in.
The app is running on localhost so I expected the consent to automatically be displayed on our Auth0 hosted page but it does not, it just returns from .auth0.com/usernamepassword/login with “unauthorized”.
Is there something we must configure or code on client-side to make sure consent, when required, is asked for? I don’t remember having to do that when we first wrote - and have since not touched - the Auth0 client-side code.
This is what the authentication request looks like:
auth0 = new auth0.WebAuth({
clientID: AUTH_CONFIG.clientID,
domain: AUTH_CONFIG.domain,
responseType: 'token id_token',
audience: AUTH_CONFIG.audience,
redirectUri: AUTH_CONFIG.callbackURL,
scope: 'openid profile email name user_metadata'
});
Other users who have consented in the past are able to log in just fine.
We are using auth0-js@9.8.0
I tried turning off “Allow Skipping User Consent” for the Api, delete the user and created a new one (in the Auth0 dashboard) and tried logging in again. Still no consent was requested and authentication failed.
Help!
I don’t think this is causing the error you are getting. If the grant was deleted or the consent was never given, the user should be prompted for it.
Is it possible that you have a rule throwing an “Access denied” error under certain circumstances?
Thank you. Indeed, a rule was failing.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.