Many of the OAuth 2.0/OpenID Connect flows require the user to explicitly agree to provide the client with access to their resources. This act of trust is one of the pillars of OAuth 2.0 and OpenID Connect.
Users grant consent based on scopes. In OAuth 2.0, scopes are a concept that limits the information to share with the client or the actions the client can do with the user's data. In OpenID Connect, scopes can be mapped to specific user data, too. For example, Identity Cloud maps the
profile scope to a number of user profile attributes.
Identity Cloud has built-in consent pages in its UI, but you can hand off the consent-gathering part of the flow to a separate service by configuring the The Remote Consent Service.
Identity Cloud let clients store the scopes to which the user has given consent to improve user experience. This is useful, for example, to minimize customer interaction. In the same way, Identity Cloud let users revoke consent at any point in time.
In some circumstances, however, clients may need a mechanism to skip consent altogether; for example, for trusted application-to-application or service-to-service interaction.