How to avoid displaying the consent screen in our own applications with external authentication?

Background

  • We have developed a web application with a REST API using OAuth2 / OIDC and third-party application support.
  • We have developed our own native applications for Android and iOS. They currently retrieve a long-lived token from the user credential flow (no consent screen required).
  • We are currently expanding our authentication flow to also accept an external login from Google / Office365. This is also supported by specifying the acr value in the OAuth authorization code / implicit flow.

Question / Problem

  • Of course, we want to be able to fully trust our native application and not show the consent screen, for a better user experience. When using an authorization code / implicit flow, however, nothing can be considered a secret, and an attacker can potentially use the user (without the user's knowledge) if the consent screen is not displayed.
  • How can we avoid displaying a consent screen for our own application while still making sure that the user is as safe as possible?

How to solve?

  • Make a separate login to Office365 / Google to retrieve the refresh token from this IdP, and then implement a public authentication method using this token to retrieve the long-lived token from our webapp.
  • `clientId/clientSecret/redirectUrl` " ".
  • , "google/office365 ".
  • , /

, (1) , , webapp .

-, , ?

+4
2
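The risk the question raises (a first-party client_id that cannot be kept secret, so skipping consent could let an impersonating app obtain a token unnoticed) is usually handled on the authorization server side by deciding per request whether consent can be skipped. The following is an added example, not code from the original post or the author's webapp; it assumes a hypothetical client registry with a `first_party` flag, and adds two standard mitigations the post does not mention: exact redirect_uri matching (RFC 6749 §3.1.2) and mandatory PKCE with S256 (RFC 7636) for public clients.

```python
"""Consent decision for an OAuth 2.0 authorization request (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Client:
    client_id: str
    first_party: bool          # our own native / web app
    public: bool               # cannot keep a client_secret (native app)
    redirect_uris: frozenset   # exact, pre-registered values only


# Constructed registry (assumption): one first-party native app, one third-party web app.
CLIENTS = {
    "our-android-app": Client("our-android-app", first_party=True, public=True,
                              redirect_uris=frozenset({"com.example.app:/oauth2/callback"})),
    "partner-webapp": Client("partner-webapp", first_party=False, public=False,
                             redirect_uris=frozenset({"https://partner.example/cb"})),
}


def consent_decision(client_id, redirect_uri, code_challenge=None, code_challenge_method=None):
    """Return (accepted, reason).

    accepted=False rejects the request before any login happens.
    accepted=True with reason "consent" shows the consent screen;
    reason "skip" skips it (first-party clients only).
    """
    client = CLIENTS.get(client_id)
    if client is None:
        return False, "unknown client_id"
    # Exact string comparison: no prefix or wildcard matching, so a copied
    # client_id cannot be pointed at an attacker-controlled redirect.
    if redirect_uri not in client.redirect_uris:
        return False, "redirect_uri not registered"
    # A public client cannot prove its identity with a secret, so require PKCE
    # (S256) before trusting its client_id enough to skip consent.
    if client.public and (code_challenge_method != "S256" or not code_challenge):
        return False, "PKCE S256 required for public client"
    if client.first_party:
        return True, "skip"
    return True, "consent"
```

Third-party clients still always get the consent screen; only the registered first-party app, with its exact redirect and a PKCE challenge, skips it.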

, Google , , OAuth.

, : , Google, client_id/client_secret/redirect_uri. Google , . (1), . .

, /webview / . . , , , .

+1

- nr 2:

( clientId clientSecret) (, ) .

; , .

0

Source: https://habr.com/ru/post/1609951/

