Unable to get rid of Consent Descriptions despite using the flag

I am trying to get rid of these weird consent descriptions from my consent page

image744×460 27.2 KB

I have tried the following

const axios = require("axios").default;
require('dotenv').config();

const domain = process.env.AUTH0_DOMAIN;
const accessToken = process.env.API_ACCESS_TOKEN;

const options = {
  method: 'PATCH',
  url: `https://${domain}/api/v2/tenants/settings`,
  headers: {
    'content-type': 'application/json',
    authorization: `Bearer ${accessToken}`,
    'cache-control': 'no-cache'
  },
  data: { flags: { use_scope_descriptions_for_consent: false } }
};

axios.request(options).then(function (response) {
  console.log(response.data);
}).catch(function (error) {
  console.error(error.response ? error.response.data : error.message);
});

This is the response/output

{
  enabled_locales: [ 'en' ],
  flags: {
    allow_changing_enable_sso: false,
    cannot_change_enforce_client_authentication_on_passwordless_start: true,
    disable_impersonation: true,
    enable_custom_domain_in_emails: false,
    enable_sso: true,
    enforce_client_authentication_on_passwordless_start: true,
    universal_login: true,
    use_scope_descriptions_for_consent: false,
    revoke_refresh_token_grant: false,
    dashboard_new_onboarding: false,
    disable_clickjack_protection_headers: false
  },
  sandbox_version: '18',
  oidc_logout: { rp_logout_end_session_endpoint_discovery: true },
  universal_login: { is_custom_theme_set: true }
}

When I try registering with socials like google oauth for the first time, the user still sees the attached image as the consent descriptions. I do not want the user to see the variables or atleast have better descriptions of the scope.

I would also like to know why is the client credentials grant in the tenant settings disabled.

Hi @empowerfrontiers

Welcome to the Auth0 Community!

Thank you for posting your question!

When I try registering with socials like google oauth for the first time, the user still sees the attached image as the consent descriptions. I do not want the user to see the variables or atleast have better descriptions of the scope.

While integrating with Google Social login, you can’t disable the consent as your application is considered a third-party application for Google. Only First-party applications can skip consent. You are able to edit non-sensitive scopes from the Google Developer Console → Google Social Connection to Login

I would also like to know why is the client credentials grant in the tenant settings disabled.

The Client Credentials option it turned off due to the Application type chosen during creation. Client Credentials grant is disabled automatically from applications that are supposed to generate tokens from a client-side, like SPA and Native apps. This was a change for security reasons since it uses the client_secret to generate tokens.

Thanks
Dawid

I am aware that third party applications cannot skip consent screen and it can only be done in first party applications. I am not trying to skip it for third party, but it might make more sense to display better consent screen dialog for permissions to the user as Current_user_metadata: update your current_user_metadata and Current_user:read your current_user are not apt for the user to see when registering and giving consent. I am specifically asking about the descriptions of the consent. How would I be able to have better descriptions as I don’t want the users registering to see some variable-esque names.

Thank you.

@empowerfrontiers any news about this? I have exactly the same scope list in the consent screen. I can’t find a place to add custom descriptions, or a way to remove them.

Is not good for users to have such list, would be nice to have something easier to read and better format.

@dawid.matuszczyk any solution ?