Following successful Authorization Server Authentication of the End-User, the Authorization Server MUST perform a Authorization Server Request End-User Consent-Authorization before releasing information to the Relying Party.
When permitted by the request parameters used, this MAY be done through an interactive dialogue with the End-User that makes it clear what Consent is being requested to or by establishing consent via conditions for processing the request or other means (for example, via previous administrative consent). Information release mechanisms are via: