Force google account chooser

61
votes

Is there is a way I can force the google account chooser to appear even if the user is logged in just with one account.

I have tried by redirecting to this URL:

https://accounts.google.com/AccountChooser?service=lso&continue=[authorizeurl]

and it seems to work, but I don't know if there are any other conditions in which it might fail.

enter image description here

5
google-oauth

5 Answers

100
votes

The following parameter is supported in OAuth2 authorization URLs:

prompt

Currently it can have values none, select_account, and consent.

  • none: Will cause Google to not show any UI, and therefore fail if user needs to login, or select an account in case of multi-login, or consent if first approval. It can be run in an invisible i-frame to obtain a token from previously authorized users before you decide, for instance, to render an authorization button.

  • consent: Will force the approval page to be displayed even if the user has previously authorized your application. May be useful in a few corner cases, for instance if you lost the refresh_token for the user, as Google only issues refresh_tokens on explicit consent action.

  • select_account: Will cause the account selector to display, even if there's a single logged-in user, just as you asked.

select_account can be combined with consent, as in:

prompt=select_account consent

12
votes

Also, you can add "prompt" parameter in HTML tags as data-prompt="select_account":

<div class="g-signin2" data-onsuccess="onSignIn" data-prompt="select_account">

and it will force account chooser every time, even if you are logged in with only one account

9
votes

Some people may end up here looking for an answer about how to do this in Microsoft.AspNetCore.Authentication.

We were able to accomplish it via the following code in the Startup.ConfigureServices method:

services.AddAuthentication()
  .AddGoogle(options =>
  {
      options.ClientId = configHelper.GoogleOAuthClientID;
      options.ClientSecret = configHelper.GoogleOAuthSecret;
      options.CallbackPath = "/signin-google";
      options.AuthorizationEndpoint = string.Concat(options.AuthorizationEndpoint, "?prompt=select_account");
  });
3
votes

If you are using gapi than just add prompt: 'select_account'
Example:

gapi.load('auth2', function () {
            gapi.auth2.init({
                client_id: "client_id.apps.googleusercontent.com",
                scope: "profile email", // this isn't required
                ux_mode: 'redirect',
                redirect_uri: 'https://www.example.com',
                prompt: 'select_account'
            }).then(function (auth2) {
                console.log("signed in: " + auth2.isSignedIn.get());
                x = auth2.isSignedIn.get();
                auth2.isSignedIn.listen(onSignIn);
                var button = document.querySelector('#signInButton');
                button.addEventListener('click', function () {
                    auth2.signIn();
                });
            });
        });
2
votes

For google api php client (https://github.com/google/google-api-php-client) you manage to do that as following:

$client = new Google_Client();
$client->setApprovalPrompt("force");
$client->createAuthUrl();