Trying to understand your Access token workflow (getAccessTokenSilently)

Dear Auth0

I tried implementing your service into my application but there is a problem.

The main reason that I am implementing a user system with Authentication is that users can reliably call my backend API through my frontend application. I assume many others have the same goal. The problem is that for a call to my backend API my frontend needs to request an access token. The problem is now that in order for this request to be responded to (and not end in an Uncaught (in promise) Error: Consent required), the user has to manually affirm that they want to request an access token through a pop-up (at least for the first time). Is there an option to just make the user affirm that he also wants to use the backend of the application right at sign up? Why would a user even sign up if they couldn’t send requests to the backend? Is it really your idea that creating a working user account is a 2 step process where the user first has to create an account (through a pop-up or redirect, interrupting the flow) and then, interrupting the flow again, they have to affirm that they actually want to give the app access to this account which they literally just created for this app? They have to accept the pop-up saying “app is requesting access to your dev-xxxx account”?

The question goes further:
If this is actually what you want, you are essentially forcing me to use the getAccessTokenWithPopup hook instead of the more convenient getAccessTokenSilently hook which leads to the problem that even if the user does accept the app asking for permission to use their account at the first time, if they click the same button with
onClick={()=>getAccessTokenWithPopup({audience:"xxxx"})}
a pop-up briefly opens and closes again. I’m sorry if it’s hard to follow, all I am asking is: Why isn’t there a hook which checks whether the user has already successfully requested an access token once, then runs getAccessTokenSilently if they did so and getAccessTokenWithPopup if they didn’t? Is it really standard that every time my user sends an HTTP request they get spammed with a 0.1 sec pop-up?

It all seems like such a hassle that it makes me wonder whether I have a wrong understanding of your system.

Hi @blendaddict,

It sounds like you want to skip the consent prompt for your first party app. (I suspect you are developing on localhost).

Here is the doc for it: Skip consent for first-party applications

And an FAQ on the subject: Disable Authorize App Dialogue Box

An external blog (warning: this content is not created by Auth0): Skipping Auth0 consent prompt for local development - DEV Community 👩‍💻👨‍💻

Just a reminder, you may be able to find a solution by searching for it! 😄

1 Like
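
The silent-first, popup-only-on-consent behaviour asked about in the question can be written as a small wrapper. This is an added example, not part of either post and not Auth0's own code. It assumes the SDK error object carries the OAuth error code in an `error` field (`consent_required`); `createTokenGetter` and `auth` (the object returned by `useAuth0()`) are hypothetical names.

```javascript
// Added example: try the silent call first, open a popup only when the
// failure is a missing consent grant, and share one popup between callers.
// Assumption: the thrown error exposes the OAuth error code as `err.error`.
const INTERACTIVE_ERRORS = new Set(["consent_required"]);

function createTokenGetter(auth, options) {
  // Shared promise so several API calls fired at once open one popup.
  let pendingPopup = null;

  return async function getToken() {
    try {
      return await auth.getAccessTokenSilently(options);
    } catch (err) {
      // Network failures, login_required and similar errors are not
      // resolved by a consent popup, so they are passed to the caller.
      if (!err || !INTERACTIVE_ERRORS.has(err.error)) throw err;
    }
    if (!pendingPopup) {
      pendingPopup = auth
        .getAccessTokenWithPopup(options)
        .finally(() => { pendingPopup = null; });
    }
    return pendingPopup;
  };
}
```

Once consent is skipped for the first-party application as the reply describes, the silent call succeeds and the popup branch is never reached.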
