Hello! (again!)
This time around I am running into a “Consent Required” error while debugging locally, now I know that consent is required and that when running on any localhost url Auth0 should be popping a consent prompt, which is fine, however it is not.
For my front end application I did receive the consent prompt, but I do not get it for any call to my API. I have ensured that skipping consent is turned off.
My question is: how can I ensure the consent prompt appears so that my localhost/api/myController calls will succeed?
Hi @pseudonym01
Consent is required when granting the access token, not when passing it to the API.
I’m not sure if that was what you were asking.
John
1 Like
Unfortunately not
I have an angular frontend, a web api back end, and when I try to get the front end to talk to the back end I get an error back saying “Consent is required”.
I’ve read up on setting 127.0.0.1 to something other than localhost but thats a bit tricky to do without visual studio throwing some errors.
Hi @pseudonym01
I am not understanding, sorry.
When the front end makes an API call to an API (what you are calling the web api backend), the only thing it needs is an access token. If you have an access token (and it is valid) you can call the backend. If you don’t you will get a 403 not authorized response. There is no “consent required” option here.
You CAN get a conset required error when requesting the access token from Auth0. This is before you call the API. You will always get this (the first) time when requesting an access token from localhost. If you don’t want this, set up your app on a domain instead.
John
1 Like
Ah my apologies, allow me to explain further then.
What you are calling an API, I am specifically calling a Web-API backend because (as I stated) I am using the .NET Core specific project type of Web-API.
As it turns out I do have a valid token, having confirmed this via jwt.io, and it works fine as is on my deployed solution.
Again, as I stated, I would be fine with getting a consent pop-up, I would be ecstatic if in fact that was what happened, instead I merely get an error back saying that consent is required with no way to resolve it (seemingly).
Is it entirely impossible to use both a front-end application and an api while working locally? Auth0 documentation would seem to suggest that this is indeed possible which is why I am asking how I can get to a state where I can see a consent request form and proceed. If need be, I can happily post the relevant typescript files and get your take on it from there?
I’m curious if this was ever resolved.
I’m running into what seems like the exact same situation, except mine does not even work when deployed on Cloud Run and using a valid domain.
I log into the application via the hosted UI. I then call getAccessTokenSilently() and receive an access token. I then use jwt.io to decode that token, because I need permissions to decide which areas of the SPA the user can visit. I see in the decoded JWT that there are the 3 permissions I set, the correct issuer and audience, issue times and expirations.
Then when I go to make an API call, I get a console error indicating “Consent Error”. I’m pretty sure this is coming form the Interceptor provided by auth0-angular’s package, but can’t be sure. My next step is probably just creating my own interceptor that skips anything the interceptor might be doing, and let the server validate the token instead.