I have customized our authorize endpoint to bypass consent for specific domains.
I have worked on other solutions where after accepting the consent this state is kept in the IDP.
What is the proper way of doing this in the API gateway since there is nothing I can see in the assertion where the consent decisions is persisted against a user id and a device.
What is the proper way of handling this in Layer7