Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

allow forcing the display of the OAuth approval screen

as per https://developers.google.com/accounts/docs/OAuth2WebServer#offline the only way to regenerate a refresh_token (for offline use), is to force the user to re-approve the app. This commit adds the optional "forceApproval" option. If present and is true, it will trigger the display of the approval prompt to the user.
  • Loading branch information...
commit ae5c3ab86a7468ef0f1ea94d23cfaa1a843f6253 1 parent 94727eb
Oz Katz ozkatz authored
Showing with 4 additions and 0 deletions.
  1. +4 −0 lib/auth.strategies/google2.js
4 lib/auth.strategies/google2.js
View
@@ -16,6 +16,7 @@ module.exports= function(options, server) {
my._redirectUri= options.callback;
my.scope= options.scope || "https://www.googleapis.com/auth/userinfo.profile";
my.accessType = options.accessType || null;
+ my.forceApproval = options.forceApproval || false;
// Ensure we have the correct scopes to match what the consumer really wants.
if( options.requestEmailPermission === true && my.scope.indexOf("auth/userinfo.email") == -1 ) {
@@ -104,6 +105,9 @@ module.exports= function(options, server) {
// support offline access as per https://developers.google.com/accounts/docs/OAuth2WebServer#offline
if(my.accessType !== null)
urlParams.access_type = my.accessType; // access_type=offline
+ // force displaying the approval prompt to the user. In such a case, a refresh_token will be regenerated.
+ if (my.forceApproval)
+ urlParams.approval_prompt = 'force';
var redirectUrl= my._oAuth.getAuthorizeUrl(urlParams);
self.redirect(response, redirectUrl, callback);
}
Please sign in to comment.
Something went wrong with that request. Please try again.