Authorize/Consent Screen Settings

  • Navigate to the Configurations tab.
  • Under the Authorize/Consent Prompt section, you can find the toggle for this option.
  • If the toggle is turned ON, the OAuth Server will prompt the users for their consent to either Allow or Deny the permissions.

When the Authorize/Consent Prompt is enabled, it can be controlled by a prompt parameter in the Authorize Request.

The prompt parameter can have three possible values:

  • allow: In this case the users will not be shown the consent screen. The user response will be assumed to be "Allow".

    NOTE: Using this form of request will not save the actual user response.
    This means that when the prompt value is not passed, the users will be shown the regular consent screen
    if they have not previously, explicitly clicked on "Allow".

    SAMPLE REQUEST:

      GET http://<wp_base_url>/wp-json/moserver/authorize
          ?response_type=code
          &client_id=<client_id_goes_here>
          &redirect_uri=<callback_url>
          &scope=<permissions_requesting>
          &state=<security_token>
          &prompt=allow
  • consent: In this case the users will be shown the consent screen even if they have previously, explicitly clicked on "Allow".

    SAMPLE REQUEST:

      GET http://<wp_base_url>/wp-json/moserver/authorize
          ?response_type=code
          &client_id=<client_id_goes_here>
          &redirect_uri=<callback_url>
          &scope=<permissions_requesting>
          &state=<security_token>
          &prompt=consent
  • login: In this case the users will be logged out and will be asked to log in again before authorizing an application.

    NOTE: This value respects the previously saved responses of the users.
    This means that if the users have previously, explicitly clicked on "Allow" on the consent screen,
    they will not be shown it again and the Server will directly proceed to authorize the application.

    SAMPLE REQUEST:

      GET http://<wp_base_url>/wp-json/moserver/authorize
          ?response_type=code
          &client_id=<client_id_goes_here>
          &redirect_uri=<callback_url>
          &scope=<permissions_requesting>
          &state=<security_token>
          &prompt=login
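
The sample requests above, built and checked from the client side, as an added example that is not part of the plugin or its documentation. It assembles the Authorize Request with a fresh state token, accepts only the three prompt values listed here, and verifies state when the callback arrives. The function names and the example.test hosts are hypothetical, and an HTTPS base URL is assumed.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# The three prompt values documented on this page.
PROMPT_VALUES = {"allow", "consent", "login"}
AUTHORIZE_PATH = "/wp-json/moserver/authorize"


def build_authorize_url(base_url, client_id, redirect_uri, scope, prompt=None):
    """Return (url, state). The caller stores state in the user's session."""
    if prompt is not None and prompt not in PROMPT_VALUES:
        raise ValueError(f"unsupported prompt value: {prompt!r}")
    state = secrets.token_urlsafe(32)  # unguessable, one per request
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    if prompt is not None:
        params["prompt"] = prompt
    # urlencode percent-encodes every value, so no raw spaces or '&' leak in.
    return f"{base_url.rstrip('/')}{AUTHORIZE_PATH}?{urlencode(params)}", state


def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if state matches the stored one."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    codes = query.get("code")
    if not codes:  # e.g. the user clicked "Deny" on the consent screen
        raise ValueError("no authorization code in callback")
    return codes[0]


if __name__ == "__main__":
    # Constructed sample values, not from a real deployment.
    url, state = build_authorize_url(
        "https://wp.example.test", "sample-client-id",
        "https://app.example.test/callback", "profile email", prompt="consent")
    print(url)
    print(code_from_callback(
        f"https://app.example.test/callback?code=abc123&state={state}", state))
```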