Consent page per client #2247
-
|
I understand that we have complete flexibility on defining consent page and use it when integrating with Hydra, but if we need 2 category of clients as follows
What is the best way to support this? Can we store whether consent is required or not at per client config? Can we use any client config to indicate this? Or any other suggestions? Any suggestions are appreciated! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
I don't think there is currently anything available in the client-config to cover a requirement like that. What about the user which have access to the internal-system accessing external/3rd-party-apps? Do they need to operate on the consent-page as well? Maybe they do not and in that case you would maintain that information next to the user, not next to the client. If that doesn't do it, then you would need to map that information outside of hydra on your application hosting the consent-page or somehow misuse the existing fields. The name-field is currently used, according to the documentation (from here): So you could potentially also misuse that field somehow as the consent-app is the only one using it. l'll ask whether it make sense to have such a feature nevertheless. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for responding. I have a slight different understanding here and was referring based on how it is managed in KeyCloak. It does support consent flag at per-client settings. I was thinking of using client.meta column (which is a json type), but I am not sure from the documentation about its purpose and dont want to break or defy how it's implemented. Appreciate your thoughts! |
Beta Was this translation helpful? Give feedback.
-
|
Chiming in here as this has been asked and answered before a couple of times - you control the user interface so you can decide when to show and when not to show the consent screen. To expand on @k9ert answer - just allow-list the internal client IDs in your UI and you're good to go. |
Beta Was this translation helpful? Give feedback.
-
|
Appreciate suggestions! |
Beta Was this translation helpful? Give feedback.
I don't think there is currently anything available in the client-config to cover a requirement like that.
However, i'd like to question whether it make sense to maintain that kind of information on next to the client.
What about the user which have access to the internal-system accessing external/3rd-party-apps? Do they need to operate on the consent-page as well? Maybe they do not and in that case you would maintain that information next to the user, not next to the client.
If that doesn't do it, then you would need to map that information outside of hydra on your application hosting the consent-page or somehow misuse the existing fields. The name-field is currently used, according to t…