So I've been working on a personal project working with React and FastAPI. Now I've hit an issue we're 1st party application would require consent regardless if the Allow Skipping User Consent was set to true or not. I was then questioning myself if this was the correct approach for Role Based Access Control (RBAC) between the frontend and backend. I could use the permissions option within Auth0 but didn't feel right. I could also not find anyone else talking about this approach.

After a fair few days of Googling and reading articles looking at the best way to go about Authorization between the frontend and backend, I come across this DEV article what explains how to skip Auth0 consent prompt for local development.

I wasn't aware that Auth0 blocks localhost, I never come across any docs that stated this.

Setting up NGROK to then test resulted in the expected behaviour for 1st party applications.