3rd Party Applications Consent Flows

Within Descope's 3rd Party Applications, you must configure the Flow Hosting URL, which hosts your consent flow. Descope has added additional flow components for the 3rd Party Applications to accommodate the consent easily inflows. These are outlined in this guide, as well as instructions on how to build a general consent flow.

3rd Party Flow Components

Descope has added the 3rd Party App Logo and 3rd Party App Scopes components to Descope flows.

The 3rd Party App Logo allows you to automatically display the configured 3rd Party Application's logo and arrows associating that you connect the 3rd Party to your application. Your configured logo within your styles will be used here.

The 3rd Party App Scopes automatically captures the applicable scopes configured on the application and displays them so the user can verify before continuing.

Implementing a Consent Flow

This section will cover implementing the above-referenced consent screen into a consent flow. Since you are still likely to utilize your usual authentication flow, you can utilize a subflow within your consent flow. This allows you to consistently use the same authentication flow with the additional consent screen to maintain a consistent user experience.

Once you have authenticated the user, you'll want to check whether the user has already consented to the application within a flow condition. The example below shows how to use the thirdPartyApp.user.consented context key to verify whether the user has already consented. If the user has, you can show them a screen where they've already consented or continue to the end of the flow. If the user has not consented, you can display the consent screen outlined in the above section.

Once you have added your consent screen, you will need to use the Update User Consent action. You could also add additional logic or suggest the user go back if they denied the authorization. The configured consent flow, like all flows, can be tailored to your design and logical needs. Below is a simple example of a completed consent flow.