Local consent
Explicitly asking end users for their consent to scopes is at the core of the OAuth 2.0 and OpenID Connect specifications. Granted scopes can be used to configure authorization and to determine which claims will be added to access and ID tokens.
Without additional configuration, the consent screen will be presented to the end user during every login, and the user must decide which consent to grant each time.
To make consent presentation more convenient for end users, consent can be stored in the database once the end user has granted it. In every future login flow, granted consents will be read from the database, their checkboxes will be marked, and the consent grant date will be displayed. If all grants and denials are already present, the consent screen will be skipped, and the flow will continue without interaction from the end user.
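The skip decision described above, sketched as an added example (this is not Loginapp's own code). The type names, `plan_consent` and the sample decisions are assumptions made for illustration; the point shown is that a single requested scope without a stored grant or denial brings the consent screen back.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class StoredDecision:            # hypothetical shape of one persisted consent
    granted: bool                # True = granted, False = denied
    decided_on: date             # date displayed next to the scope

@dataclass(frozen=True)
class ScopeRow:                  # one line of the consent screen
    scope: str
    checked: bool                # checkbox pre-marked from the database
    decided_on: Optional[date]   # None = no stored decision yet

@dataclass(frozen=True)
class ConsentPlan:
    skip_screen: bool
    rows: tuple                  # what the consent screen would render
    granted: tuple               # scopes usable without asking the user

def plan_consent(requested, stored):
    """Combine the scopes requested in this login with persisted decisions."""
    rows = []
    for scope in dict.fromkeys(requested):       # de-duplicate, keep order
        decision = stored.get(scope)
        if decision is None:
            rows.append(ScopeRow(scope, False, None))
        else:
            rows.append(ScopeRow(scope, decision.granted, decision.decided_on))
    # Skip only when every requested scope already has a grant or a denial.
    skip = all(row.decided_on is not None for row in rows)
    # If the screen is shown, the user's choices on it decide the grants,
    # so nothing is treated as granted in advance.
    granted = tuple(r.scope for r in rows if r.checked) if skip else ()
    return ConsentPlan(skip, tuple(rows), granted)

# Constructed sample data: two grants and one denial already persisted.
STORED = {
    "openid": StoredDecision(True, date(2024, 3, 1)),
    "profile": StoredDecision(True, date(2024, 3, 1)),
    "email": StoredDecision(False, date(2024, 3, 1)),
}
```

A stored denial counts as a decision, so it contributes to skipping the screen but never to the granted scopes.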
Local consent in Loginapp
The OAuth 2.0 Consent Step is mandatory for all authentication flows used to authenticate OAuth or OIDC sessions. It determines when in the flow the consent interaction with the user takes place.
With the OAuth 2.0 Consent Step, the user will be presented with a step UI to grant or deny consent. The following screenshot shows an example of the step UI with the consent persisted feature enabled:
Further information and links
Internal links:
- See OAuth 2.0 OIDC consent persister configuration for detailed configuration instructions.
- See OAuth 2.0/OIDC consent management for consent management in Loginapp and Adminapp.
- See Remote consent configuration for more details on using an external consent server.