OAuth 2.0/OIDC consent management

Consent management self-service in Loginapp

When an authorization code flow uses an interactive Local Consent Step, users are asked to grant or deny a list of scopes for a particular client. The user's grant or deny decision for each scope may be persisted.

With persisted consent, it is possible to allow users to manage their consent in a protected self-service UI, as shown in the example below:

[Screenshot: local_consent_self-service]

The consent management self-service has the following properties:

  • Consent is grouped by client. No information about authorization servers is provided to end users.
  • All consent for the same client can be deleted. The consent dialog is then shown again the next time the user logs in.
  • Individual consent can be granted or denied. These decisions are persisted, so users are not asked to confirm consent for those scopes again.

Consent management in Adminapp

In the Adminapp, all stored consents are presented in the OAuth 2.0 Tokens & Consents tab of the user management. The information is grouped by authorization servers and by clients.

An authorized helpdesk user can view and delete consent, as shown in the following screenshot:

[Screenshot: LocalConsent_Adminapp]
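The following Python model, added here as an illustration and not code from Loginapp or Adminapp, shows how the persisted-consent behaviour described in both sections above fits together: the Local Consent Step only prompts for scopes that have no persisted decision, the self-service view groups decisions by client and hides the authorization server, deleting a client's consent forces the dialog again, and the Adminapp view groups by authorization server and then client. All class and method names, the (authorization server, client, scope) key, the assumption that client IDs are unique across authorization servers, and the sample data are constructed for this example.

```python
"""Toy model of persisted OAuth 2.0/OIDC consent (example code, not the product's own).
Assumptions: one store per user; decisions keyed by (authorization server, client, scope);
client IDs are unique across authorization servers, so self-service can act on a client
without knowing which authorization server it belongs to."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

ConsentKey = Tuple[str, str, str]  # (authorization_server, client, scope)


@dataclass
class ConsentStore:
    """Per-user store of persisted scope decisions: True = granted, False = denied."""
    decisions: Dict[ConsentKey, bool] = field(default_factory=dict)

    # ---- Local Consent Step in the authorization code flow ----
    def scopes_to_prompt(self, auth_server: str, client: str, requested: List[str]) -> List[str]:
        """Only scopes with no persisted decision are shown in the consent dialog."""
        return [s for s in requested if (auth_server, client, s) not in self.decisions]

    def record(self, auth_server: str, client: str, granted: List[str], denied: List[str]) -> None:
        """Persist the user's answer from the dialog, scope by scope."""
        for s in granted:
            self.decisions[(auth_server, client, s)] = True
        for s in denied:
            self.decisions[(auth_server, client, s)] = False

    def effective_grant(self, auth_server: str, client: str, requested: List[str]) -> List[str]:
        """Scopes the client actually receives: requested AND persisted as granted."""
        return [s for s in requested if self.decisions.get((auth_server, client, s), False)]

    # ---- Loginapp self-service: grouped by client, authorization server hidden ----
    def self_service_view(self) -> Dict[str, Dict[str, bool]]:
        view: Dict[str, Dict[str, bool]] = {}
        for (_auth_server, client, scope), granted in self.decisions.items():
            view.setdefault(client, {})[scope] = granted
        return view

    def set_decision(self, client: str, scope: str, granted: bool) -> None:
        """Change one individual consent; it stays persisted, so no re-prompt follows."""
        for key in list(self.decisions):
            if key[1] == client and key[2] == scope:
                self.decisions[key] = granted

    def delete_client_consent(self, client: str) -> int:
        """Delete all consent for a client; the dialog is shown again at next login."""
        keys = [k for k in self.decisions if k[1] == client]
        for k in keys:
            del self.decisions[k]
        return len(keys)

    # ---- Adminapp: grouped by authorization server, then by client ----
    def admin_view(self) -> Dict[str, Dict[str, Dict[str, bool]]]:
        view: Dict[str, Dict[str, Dict[str, bool]]] = {}
        for (auth_server, client, scope), granted in self.decisions.items():
            view.setdefault(auth_server, {}).setdefault(client, {})[scope] = granted
        return view


def demo() -> Dict[str, object]:
    """Walk one user through the consent lifecycle on constructed sample data."""
    store = ConsentStore()
    requested = ["openid", "profile", "email"]
    out: Dict[str, object] = {}
    # First login: nothing persisted, so every requested scope is shown in the dialog.
    out["first_prompt"] = store.scopes_to_prompt("as-internal", "webshop", requested)
    store.record("as-internal", "webshop", granted=["openid", "profile"], denied=["email"])
    # Second login: every scope has a decision, so no dialog is shown.
    out["second_prompt"] = store.scopes_to_prompt("as-internal", "webshop", requested)
    out["granted_after_dialog"] = store.effective_grant("as-internal", "webshop", requested)
    # A later request adds a scope the user never decided on: only that one is prompted.
    out["new_scope_prompt"] = store.scopes_to_prompt("as-internal", "webshop", requested + ["address"])
    # The user grants "email" in self-service; the change is persisted, still no prompt.
    store.set_decision("webshop", "email", True)
    out["granted_after_flip"] = store.effective_grant("as-internal", "webshop", requested)
    # The user deletes all consent for the client; next login prompts for everything again.
    out["deleted"] = store.delete_client_consent("webshop")
    out["third_prompt"] = store.scopes_to_prompt("as-internal", "webshop", requested)
    return out


if __name__ == "__main__":
    for step, value in demo().items():
        print(f"{step}: {value}")
```

The two view methods make the visibility difference explicit: `self_service_view` drops the authorization server from the key before grouping, while `admin_view` keeps it as the outer grouping level, matching what each UI shows.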