Zeev G - 5 months ago
Javascript Question

auth0 handling declined permissions

My Auth0 account uses Facebook (and others) login.
When the user approves the FB application for the first time, he must approve the permissions (e.g. email).
The user can uncheck the email, declining the email permission.
He still approves the application, just not this permission.

I detect this in Auth0 rules and fail the login, but when the user clicks login again he does not see the Facebook approval screen and cannot re-approve the email permissions.

In short, the user is stuck! And the only solution is to manually remove the application from the user...

Any ideas?

Some progress:

I have found that the Facebook SDK supports auth_type:"rerequest",
but how to pass it to Auth0....

Answer

Finally solved it!

Had some help from Auth0 support.

We need to set

prompt: 'consent'

Here are 2 examples:

Using the Auth0Lock (widget) object:

auth0Lock.show({
  callbackURL: window.location.href,   // where to go back; this URL must be allowed in the dashboard
  responseType: 'token', // this will cause the hash to return the token
  authParams: {
    scope: 'openid offline_access',
    prompt: 'consent'   // THIS WILL ASK THE USER TO APPROVE THE PERMISSIONS THAT HE DECLINED EARLIER
  },
  connection_scopes: {
    'facebook': ['public_profile', 'email'],    // this is optional in this example
  }
});

Using the Auth0 object:

auth0.login({
    popup: true,  // use a popup and a JS callback, or redirect with the hash
    connection: 'facebook',
    state: "some_state",
    scope: 'openid offline_access',
    prompt: 'consent'
  },
  // if popup is true, this callback will be called
  function (err, profile, id_token, access_token, state, refreshToken) {
    if (err) {
      console.log("err", err);
    } else {
      console.log(id_token);
    }
  });
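
The two halves described above (a rule that fails the login when the email permission was declined, and a client that retries with `prompt: 'consent'`) can be tied together as in this added example, which is not the poster's or Auth0's code. The marker string `email_permission_declined`, the function names, and the assumption that the rule's message reaches the client as `error_description` in the callback hash are all illustrative.

```javascript
// Added example. In the Auth0 rules sandbox UnauthorizedError is a provided
// global; this stand-in lets the rule run under plain Node.
class UnauthorizedError extends Error {}

// Hypothetical marker string shared by the rule and the client.
const EMAIL_DECLINED = 'email_permission_declined';

// Rule side: fail closed when a Facebook login arrives without an email.
function requireFacebookEmail(user, context, callback) {
  if (context.connection === 'facebook' && !user.email) {
    return callback(new UnauthorizedError(EMAIL_DECLINED));
  }
  return callback(null, user, context);
}

// Client side: read the error fields from the callback URL hash.
// Assumption: the rule's message comes back as error_description.
function parseAuthError(hash) {
  const params = new URLSearchParams(String(hash).replace(/^#/, ''));
  if (!params.has('error')) return null;
  return {
    error: params.get('error'),
    description: params.get('error_description') || ''
  };
}

// Build the options for the next login attempt. prompt: 'consent' is added
// only after the specific failure, so ordinary logins are not re-prompted.
function nextLoginOptions(hash) {
  const options = { connection: 'facebook', scope: 'openid offline_access' };
  const failure = parseAuthError(hash);
  if (failure && failure.description === EMAIL_DECLINED) {
    options.prompt = 'consent';
  }
  return options;
}
```

The object returned by `nextLoginOptions(window.location.hash)` can be merged into the options passed to `auth0.login` in the answer's second example.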