Dear Auth0
I tried implementing your service into my application but there is problem.
The main reason that I am implementing a user system with Authentication is that users can reliably call my backend api through my frontend application. I assume many others have the same goal. The problem is that for a call to my backend API my frontend needs to request an access token. The problem is now that in order for this request to be responded to (and not end in an Uncaught (in promise) Error: Consent required
) , the user has to manually affirm that they want to request an access token through a pop-up (at least for the first time). Is there an option to just make the user affirm that he also wants to use the backend of the application right at sign up. Why would a user even sign up if they couldn’t send requests to the backend? Is it really your idea that creating a working user account is a 2 step process where the user first has to create an account (through a pop-up or redirect, interrupting the flow) and then, interrupting the flow again, they have to affirm that they actually want to give the app access to this account which they literally just created for this app. They have to Accept the pop up saying “app is requesting access to your dev-xxxx account”?
The question goes further:
If this is actually what you want, you are essentially forcing me to use the getAccessTokenWithPopup hook instead of the more convenient getAccessTokenSilently hook which leads to the problem that even if the user does accept the app asking for permission to use their account at the first time, if they click the same button with
onClick={()=>getAccessTokenWithPopup({audience:"xxxx")}
a pop up briefly opens and closes again. I’m sorry if it’s hard to follow, all I am asking is: Why isn’t there a hook which checks wether the user has already succesfully requested an access token once, then runs getAccessTokenSilently if they did so and getAccessTokenWithPopup if they didn’t? Is it really standard that everytime my user sends an http request they get spammed with a 0.1 sec pop up?
It all seems like such a hassle that it makes me wonder wether I have a wrong understanding of your system.