Hi @konrad.sopala,
Thanks for your answer, but unfortunately not yet. I don’t define our backend as an API in Auth0. What I had was:

- An Auth0 application configured to be an SPA with Facebook social connections
- An Auth0 rule that adds scopes after user login
- A standalone SPA hosted in a CDN. It uses auth0-js to log in with Facebook
- A backend API that accepts the Auth0 token. The SPA talks to this backend

A new user would experience the following flow:

- Click on Login with Facebook => a Facebook window is popped up (expected)
- Log in to Facebook from the Facebook window and authorize my app (expected)
- Get redirected to the Auth0 consent page, asking if the user trusts my Auth0 application to access <my_auth0_tenant_name> (not desirable)