I have figured it out. Turns out our external service using OIDC was sending a param to prompt for consent. I figured this out by browsing through source code and finding org.apereo.cas.oidc.web.OidcConsentApprovalViewResolver#isConsentApprovalBypassed.
https://cas.domain.co.za/cas/oidc/authorize?*prompt=consent*&response_type= code&redirect_uri=https://the-redirect-uri&client_id=client&nonce= f19fe52f7d988708bb7bcb51f80984d2&state=27d138365aabe3282e15b4a88999b042& scope=email offline_access openid Regards / Groete *Charl Thiem* Senior Developer | +27 (0) 21 970 4000 | [email protected] | www.opencollab.co.za | @opencollab ---------- Forwarded message --------- From: Charl Thiem <[email protected]> Date: Tue, Aug 25, 2020 at 1:55 PM Subject: OIDC with bypassApprovalPrompt To: <[email protected]> Hi I'm using CAS 6.1.7 with OIDC Server In my service definition I have { "@class" : "org.apereo.cas.services.OidcRegisteredService", "clientId": "client", "clientSecret": "secret", "serviceId" : "https://the-redirect-uri";, "name": "Test", "id": 1, "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ], "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ], *"bypassApprovalPrompt" : true,* "scopes" : [ "java.util.HashSet", [ "openid", "email", "offline_access"] ] } But after sign in I still get this prompt [image: image.png] Is this screen expected while having bypassApprovalPrompt=true? I was hoping to avoid this screen. Regards / Groete *Charl Thiem* Senior Developer | +27 (0) 21 970 4000 | [email protected] | www.opencollab.co.za | @opencollab -- See OpenCollab email disclaimer at http://www.opencollab.co.za/email-disclaimer <http://www.opencollab.co.za/email-disclaimer> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAK5fTW4eQjAL1nfKSwivDXu90utMQ-H2m4fRRb-J%2BJOX%3DTCbLA%40mail.gmail.com.
