-
-
Notifications
You must be signed in to change notification settings - Fork 8
Prompt for OAuth2 consent on every auth flow #439
Copy link
Copy link
Closed
Labels
area: back-endgood first issueGood for newcomersGood for newcomerspriority: lowtype: enhancementChanges or improvements to existing featuresChanges or improvements to existing featurestype: featureA request for or implementation of a new featureA request for or implementation of a new feature
Description
Metadata
Metadata
Assignees
Labels
area: back-endgood first issueGood for newcomersGood for newcomerspriority: lowtype: enhancementChanges or improvements to existing featuresChanges or improvements to existing featurestype: featureA request for or implementation of a new featureA request for or implementation of a new feature
Type
Fields
Give feedbackNo fields configured for issues without a type.
Description
This would prompt the user to re-consent to sharing info vvery time a they go through the OAuth2 flow.
This also gives them a chance to swap the user that they are logging into Discord with.
Justification
Currently Discord will cache the user you have logged into for forms, meaning if you log out by deleting your token in local storage, the next time you login Discord will automatically login with the same account.
This causes an issue, especially for admins, if you have logged in with an alt and now want to log in with an admin account.
Of course a real fix for this would be to allow users to full logout and/or have an admin panel, but this solution at least helps.
Implementation
Add
&prompt=consentto the oauth 2 auth url.