I am building a SPA which has a SPA client and is requesting a scope of “openid profile”. When the user logs in through their social account they are hit with a page asking their permission for my application to access the OIT account.
This is confusing for the users, as they have no concept of the OIT account. Is there a way to prevent this dialog?
If you are requesting an access_token for your API (using an audience parameter), you can enable the Allow Skipping User Consent in the API settings. Note, this will only work for clients without a localhost Allowed Callback URL.
Is there better documentation on this somewhere? This message is incredibly confusing. In my case, it says “Hi Name, SiteYouWantToSignInto is requesting access to your siteyouwanttosigninto tenant.” Who in the world is supposed to know what the heck that even means? What does that even mean? Why did Auth0 think it was a good idea to put it in, and how do I turn it off reliably?