panva / openid-client

OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
MIT License

How is it possible to skip the "consent screen"? #276

Closed gigo1980 closed 4 years ago

gigo1980 commented 4 years ago

We have the following scenario. After the user has logged in, you see the consent screen where you have to approve the scopes that are requested.

We would like to skip this step. Is this still possible? And if so, how can we hook into that process/workflow?

big-kahuna-burger commented 4 years ago

It is not recommended but in any case, here it goes:

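```js
const {
  interactionPolicy: { Prompt, base: policy }
} = require('oidc-provider')

// copy the default policy (login and consent prompts), then drop consent
const interactions = policy()
interactions.remove('consent')
```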

But then if your RP is requesting scopes, you need to grant them all when calling interactionFinished or you will get an error. Something like this:

```js
await provider.interactionFinished(req, res, {
  select_account: {},
  login: {
    account: account.accountId
  },
  // this line matters, note that the params come from interaction details
  consent: { accepted: [params.scope.split(' ')] }
}, {
  mergeWithLastSubmission: false
})
```

Given that you do this on the provider. From the client/RP you can't skip the consent screen.

panva commented 4 years ago

How is this an openid-client question?

panva commented 4 years ago

@gigo1980 your IdP controls when a consent screen is shown. The client software does not control that.