I’ve been hooking up all the various complex elements of your auth solution and have hit a barrier when trying to request an access token. I’m sure you’re familiar with this “requires consent” problem even when the skip flag is enabled. The issue is that it doesn’t work with http://localhost. We do front-end development locally against a development tenant and need to be able to use our current local development solution without jumping through a ton of hoops to get local SSL up and running.
Furthermore, this “Requires consent” issue is extremely poorly documented. Granted it’s part of the OpenId spec, but it’s unclear how this relates to API roles and permissions, which are often controlled by the application owner, and not by the user.
Hi @geoffatsource
Welcome to the Auth0 Community, it’s great to have you here
I’m wondering whether it’s not the fact that you’re running your app on http but rather you’re running it on localhost. A workaround might be to map localhost to a local domain as suggest here https://auth0.com/docs/get-started/applications/confidential-and-public-applications/user-consent-and-third-party-applications#skip-consent-for-first-party-applications
Regards
Unfortunately the Auth0 client API fails with an error saying it does not support http (only https) in that case.
Hi @geoffatsource
Apologies for the delay in getting back to you.
I tried to test this out using the react quickstart we have on https://auth0.com/docs/quickstart/spa/react running on http://locahost:3000 and I was able to get an access token for a custom api I had specified on Auth0.
As a result I’ve not been able to replicate, are you able to share some replication steps and also let me know the exact error you had and where you see this.
Many thanks.