jorunfa
commented
8 years ago Hi! :)
Public clients will show the consent screen each time the user logs in. This is because of security reasons, to reduce the chance of successful phishing attacks.
However, the refresh token can be used to maintain long-time access, so the user should only have to log in once if the user does not actively log out. Let me know if you have any questions regarding this.
Another alternative is using confidential clients, but that requires a middleware server and a different setup.
Can I bypass the allow dialog screen for existing users who are already allowed on first time login?