This message was deleted.
# general
m
This message was deleted.
h
Some providers choose to skip consent in first-party scenarios. This is not fully OpenID Connect spec compliant but since it’s usually for only a specific set of clients, it does not get properly validated by the OpenID Connect certification, thus doesn’t come up during audit 😉
p
I actually noticed that dex utilizes this mode specifically for compliance testing, but never mention it anywhere else in their docs, so that kind of makes sense now.
I'm kind of curious what your interpretation of this section here is, specifically "this MAY be done through an interactive dialogue with the End-User that makes it clear what is being consented to or by establishing consent via conditions for processing the request or other means" and "previous administrative consent": https://openid.net/specs/openid-connect-core-1_0.html#Consent