lenra-io / server

GNU Affero General Public License v3.0

[Task] Do not need consent for app websocket #490

Open taorepoara opened 11 months ago

taorepoara commented 11 months ago

What should be done

In the OAuth flow, we first ask the user to log in and then to consent to the requested scopes.

For external Lenra clients, the only scope asked for is app:websocket, which does not really give access to user information.

To give a better user experience to our users, we will skip the consent page when the only requested scope is app:websocket.

Technical recommendation

See if Hydra manages skipping consent in the acceptance of the connection.

If not, we can validate the consent when loading the consent page, but it's not the best solution.
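
The fallback mentioned in the issue (deciding when the consent page is loaded) could look like the following. This is an added example, not code from the Lenra server; the JSON fields are those of Ory Hydra's consent request and accept-consent body, while `consent_decision`, `AUTO_CONSENT_SCOPES`, the `profile` scope and the sample requests are assumptions made for the illustration.

```python
# Added example. JSON field names follow Ory Hydra's consent-request and
# accept-consent payloads; function names and the allow-list are hypothetical.
AUTO_CONSENT_SCOPES = frozenset({"app:websocket"})  # the scope named in the issue


def _accept(scopes, audience):
    # Grant exactly what was evaluated. remember=False (a choice made for this
    # example) so every new flow is checked against the allow-list again.
    return {"action": "accept",
            "body": {"grant_scope": list(scopes),
                     "grant_access_token_audience": list(audience),
                     "remember": False}}


def consent_decision(consent_request):
    """Decide, when the consent page loads, whether the user must see it."""
    requested = consent_request.get("requested_scope")
    audience = consent_request.get("requested_access_token_audience") or []
    if not isinstance(requested, list) or not all(isinstance(s, str) for s in requested):
        return {"action": "prompt"}  # malformed request: fail closed

    # Hydra reports skip=true when this user already granted these scopes to
    # this client and the grant was remembered; no page is shown then either.
    if consent_request.get("skip") is True:
        return _accept(requested, audience)

    scopes = set(requested)
    # Auto-accept only when every requested scope is on the allow-list and at
    # least one was requested. A mere "contains app:websocket" test would also
    # wave through requests that ask for additional scopes.
    if scopes and scopes <= AUTO_CONSENT_SCOPES:
        return _accept(sorted(scopes), audience)
    return {"action": "prompt"}


if __name__ == "__main__":
    # Constructed consent requests, not captured from a real Hydra instance.
    samples = [
        {"requested_scope": ["app:websocket"], "skip": False},
        {"requested_scope": ["app:websocket", "profile"], "skip": False},
        {"requested_scope": [], "skip": False},
    ]
    for sample in samples:
        print(sample["requested_scope"], "->", consent_decision(sample)["action"])
```

The returned `body` is what the consent endpoint would send to Hydra's accept-consent call; `prompt` means the normal consent page is rendered.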