OAuth 2.0 local consent

Asking end users for their consent explicitly is at the core of the OAuth 2.0 and OpenID Connect specifications. Consent granted can be used to configure authorization and to determine which claims will be added to access and ID tokens.

Without additional configuration, the consent screen will be presented to the end user during every login and the user must decide every time which consent to grant.

To make consent presentation more convenient for end users, consent can be stored in the database once the end user has granted it. In every future login flow, the granted consents are read from the database, their checkboxes are pre-selected and the date on which each consent was granted is displayed. If all requested consents are already present, the consent screen is skipped and the flow continues without any interaction from the end user.
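The following is an added illustration of the persisted-consent behaviour described above; it is not Loginapp code. It assumes a store keyed by user, authorization server and client (the grouping the Adminapp uses), with constructed sample values, and it models the helpdesk deletion described under Adminapp as `revoke`.

```python
from dataclasses import dataclass

# Hypothetical key: persisted consents are grouped per user, authorization
# server and client, so a consent granted to one client never applies to another.
@dataclass(frozen=True)
class ConsentKey:
    user: str
    authorization_server: str
    client_id: str


class ConsentStore:
    """In-memory stand-in (assumption) for the persisted consent table.

    Values map a scope to the date it was granted, kept as an ISO string
    because that is what the consent screen displays next to the checkbox.
    """

    def __init__(self):
        self._data = {}

    def grant(self, key, scope, granted_at):
        self._data.setdefault(key, {})[scope] = granted_at

    def revoke(self, key, scope=None):
        # Models deletion by a helpdesk user in the Adminapp: one scope, or the
        # whole authorization-server/client grouping when no scope is given.
        if scope is None:
            self._data.pop(key, None)
        else:
            self._data.get(key, {}).pop(scope, None)

    def granted(self, key):
        return dict(self._data.get(key, {}))


def prepare_consent_step(store, key, requested_scopes):
    """Decide what the OAuth 2.0 Consent Step shows for one login.

    Returns (skip_screen, checkbox_state). checkbox_state maps each requested
    scope to its stored grant date (checkbox pre-selected, date shown) or None
    (unchecked, the end user must decide). The screen is skipped only when
    every requested scope already has a stored consent.
    """
    granted = store.granted(key)
    state = {scope: granted.get(scope) for scope in requested_scopes}
    skip_screen = all(date is not None for date in state.values())
    return skip_screen, state
```

A revoked consent simply drops out of the stored set, so the next login shows the screen again with that checkbox unchecked.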

Local consent in Loginapp

If the OAuth 2.0 Consent Step is added as a step in the authentication flow, the user will be presented with a step UI to grant or deny consent.

The following screenshot shows an example of the step UI with the persisted consent feature enabled:

[Screenshot: LocalConsent_Loginapp]

Local consent in Adminapp

In the Adminapp, all granted consents are presented in the OAuth 2.0 Tokens & Consents tab of the user management. The information is grouped by authorization server and by client.

An authorized helpdesk user can view and delete consents as shown in the following screenshot:

[Screenshot: LocalConsent_Adminapp]