suggested that OAuth-based log-in need not repeat asking the user to give their consent for the scope requested by the client once the user has agreed.
Also, the Brain Commons group asked:
2. Consent page
We noticed that we are asked for consent for the OAuth claims every time we login
Some providers will store your consent so you're not asked every time. Is that an option in Synapse?
Combined with SSO, this would allow OAuth-login with little to no user interaction.
There should also be a way for the user to 'tell' Synapse to forget