Pete Davis Pete Davis - 2 months ago 22
AngularJS Question

Identity Server auth without requesting user permission

Is there a way to configure a client so that it is trusted and not require users approval for access to their details?

I am building an Angular client app, and using Identity Server 3 for issuing tokens for access to the backend API, but because it should appear that you are logging into the same environment as the API you are accessing, I dont want the client to be prompted for the request for permission for this client app / resource pair. Currently I have something similar to this example:
https://damienbod.com/2015/11/08/oauth2-implicit-flow-with-angular-and-asp-net-5-identity-server/

Is there a setting that bypasses the approval, or am I just using the incorrect flow?

I guess the example that I am looking at replicating is accessing the Auzure portal SPA. There you are redirected to login, then I am not prompted by Microsoft to give access to Microsoft account details.

Answer

You are talking about Consent.

For that specific client's configuration set its RequireConsent property to false.