I am new to OAuth 2.0 and reading up on it. I tried using OAuth 2.0 for my app with the 37signals site and ran into a problem. Not sure if it's as designed. Anyway, here is what I see.
- User is already logged into 37signals site.
- My app starts the OAuth flow by redirecting him to the 37signals site.
- An authorization page appears asking the user if he is okay with granting access to my app.
- User approves and is brought back to my app. (An access token is also available)
- Now, the user logs out of the 37signals site.
- The user tries to use my app. My app starts the OAuth flow by redirecting him to the 37signals site.
- The user logs in using login screen.
- He is again shown the authorization page. Shouldn't this be skipped since the user approved it the first time? Or is this as designed?
Anyway, this does not seem very user friendly to me, i.e., showing the approval page every time after logout.
I noticed similar behavior with Twitter as well. I initially posted a similar question while using a Node.js OAuth library, then I thought it's a general OAuth 2.0 question: everyauth always triggers authorization
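The question hinges on what an authorization server keys its "already approved" decision to. As an added example (not code from 37signals, Twitter or everyauth; the store layout, identifiers and function names are assumptions), here is a minimal consent-memory check that ties prior approval to the authenticated user identity and the requested scopes rather than to the login session, and replays the steps from the question against it:

```python
# Added example: a minimal consent-memory check an OAuth 2.0 authorization
# server could use to decide whether to show the approval page again.
# Illustrative code, not 37signals', Twitter's or everyauth's; the store
# layout and names are assumptions.
from collections import defaultdict


class ConsentStore:
    """Remembers which scopes each user has already approved for each client."""

    def __init__(self):
        # (user_id, client_id) -> frozenset of approved scopes
        self._approved = defaultdict(frozenset)

    def record_approval(self, user_id, client_id, scopes):
        key = (user_id, client_id)
        self._approved[key] = self._approved[key] | frozenset(scopes)

    def revoke(self, user_id, client_id):
        # Called when the user removes the app from their account settings.
        self._approved.pop((user_id, client_id), None)

    def needs_consent(self, user_id, client_id, requested_scopes, force=False):
        """True if the approval page must be shown for this authorization request.

        The decision is keyed to the authenticated user identity, not to the
        login session, so a logout followed by a fresh login does not by itself
        re-prompt. A not-yet-approved scope, a revoked grant, or an explicit
        force flag (what OpenID Connect's prompt=consent asks for) does.
        """
        if force:
            return True
        return not frozenset(requested_scopes) <= self._approved[(user_id, client_id)]


def simulate_question_flow():
    """Replay the steps from the question; returns the consent decision made
    at each authorization request."""
    store = ConsentStore()
    user, client = "alice", "my-app"  # constructed sample identifiers
    decisions = []
    # 1. First authorization: nothing approved yet, so the page is shown.
    decisions.append(store.needs_consent(user, client, ["read"]))
    store.record_approval(user, client, ["read"])
    # 2. User logs out and logs back in: same identity, same scopes -> skipped.
    decisions.append(store.needs_consent(user, client, ["read"]))
    # 3. App later asks for an additional scope -> shown again for the new scope.
    decisions.append(store.needs_consent(user, client, ["read", "write"]))
    # 4. User revoked the app in their account settings -> shown again.
    store.revoke(user, client)
    decisions.append(store.needs_consent(user, client, ["read"]))
    return decisions
```

A provider that re-prompts after every logout has simply chosen to key the decision to the session (or to never remember approvals); the page does not say which policy 37signals or Twitter applies.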