Third Party app consent when not logged in

We are testing out auth0 for allowing our users to give third parties access to an api but I’m having some difficulty grasping a few concepts. I followed along this article to get me started: https://auth0.com/docs/protocols/protocol-oauth2

I created an application within our tenant called LionApp, used the API to mark it as 3rd party, and also elevated our database connection to domain-level… a little cumbersome, but so far so good. This is the link to /authorize that LionApp would put on their page for our users to click on:

https://acme-corp.us.auth0.com/authorize?audience=https://acme.com/campaigns&response_type=token&client_id=[lionappclientid]&redirect_uri=https://lionapp.com&scope=read:campaigns%20create:campaigns%20update:campaigns&prompt=consent

If one of our users is logged in and clicks on the link, they get the consent page as expected:

About as expected, although the reference to our “tenant” seems a little inside baseball and confusing for an average user of what exactly that is, and the lack of our company logo/branding is also odd, but I digress.

The main problem happens when the user may not be currently logged in to our application. When following the link the user is presented with this:

Our tenant logo is present, but the 3rd party application name is in the text, it’s not exactly clear what account I am supposed to log in with. Unless I notice the domain name in the browser it seems like a very confusing experience, possibly even suspicious.

I thought I could make it more obvious by customizing the universal login page… But, as soon as I tick the box to customize, and use the default Lock template, now following the link yields this:
Screenshot_1289

What am I missing here?

Hey @svickers - welcome to the Auth0 Community!

Could you please capture a HAR file of the issues you are having when the customize toggle is on, and send it to me via DM? You can find more information on how to get it here: https://toolbox.googleapps.com/apps/har_analyzer/

Thanks!

I figured out the problem in custom login… I was missing this in the lock config:
__useTenantInfo: config.isThirdPartyClient,

1 Like

Any other info on the rest of my post? Still grappling with understanding.

Hey, @svickers,

Without the HAR file I requested, it would be very difficult to diagnose the problems you are experiencing. Send it to me via DM once you have it ready!

Hello, @svickers,

I read your HAR but I don’t see any errors. Could you remind me what is the specific error you are facing now?

Thanks!