approval_prompt=force no longer works #453
Comments
@chripede Thanks for the report and sorry we don't have system tests to catch regressions like this. |
AFAICT, approval_prompt=force has been replaced with prompt=none|consent|select_account. https://developers.google.com/identity/protocols/OAuth2WebServer#redirecting Apologies for not catching this sooner, I'm not aware of anything that pointed out the changes in the new version and I made a bad assumption that only the endpoint had changed and parameters would remain the same. Moving forward, it looks like replacing approval_prompt=force can just be replaced with prompt=consent for 2.0 today since it's a kwarg: I have not tested that yet but will try to today. @chripede if it's possible for you test that fix also, that'd be great. Assuming that solves we may be able to add a check for approval_prompt values in kwargs and convert that to the proper prompt value. |
@jay0lee I tried that before posting this bug report. prompt=consent didn't do anything for me. I hope you can prove me wrong :) I'd really like to submit this as a bug with those who owns the end-point, but no idea how to do that. Was hoping that some of you would know how to do that. |
@chripede do you have sample code for the issue? I tested something very simple like: from oauth2client.client import OAuth2WebServerFlow
from oauth2client.tools import run_flow
from oauth2client.file import Storage
CLIENT_ID = '<client_id>'
CLIENT_SECRET = '<client_secret>'
flow = OAuth2WebServerFlow(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET,
scope='https://spreadsheets.google.com/feeds https://docs.google.com/feeds',
redirect_uri='http://example.com/auth_return',
prompt='consent')
storage = Storage('creds.data')
credentials = run_flow(flow, storage)
print "access_token: %s" % credentials.access_token and I was prompted to approve. If I changed prompt to select_account I was brought straight to the picker (even though I only had one user logged in). |
Should we issue a warning in |
@jay0lee it seems that |
googleapis/oauth2client#453 Note we may need to use prompt=consent instead.
…nsent It looks like in 2016 or so` approval_prompt=force` was replaced with the open id connect friendly `prompt=consent`. See: - https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest - https://developers.google.com/identity/sign-in/web/reference#gapiauth2offlineaccessoptions - googleapis/oauth2client#453 - pomerium/pomerium#82 Change-Id: Iad2d533f451a70b2941aafd11c9b7272026a2f16 GitHub-Last-Rev: d6d10ce GitHub-Pull-Request: #379 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/171123 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
After upgrading to 2.0.0 approval_prompt=force no longer works.
The difference in the generated url seems to be the reason
1.5.2:
https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prompt=force
2.0.0:
https://accounts.google.com/o/oauth2/v2/auth?access_type=offline&approval_prompt=force
I'm not sure where to report this, as the real issue seems to be the new v2 endpoint.
The text was updated successfully, but these errors were encountered: