I followed OAuth1 to OAuth2 migration documentation and was able to get new refresh_token and access_tokens.
The issue is, Google displays approval screen again and list all the scopes. The whole point of migrating the credentials is that user should not see the approval screen.
Here is my POST request for migration:
POST https://accounts.google.com/o/oauth2/token HTTP/1.1 Authorization: OAuth realm="",oauth_consumer_key=[CONSUMER KEY]",oauth_nonce="2c06a5da90ec4a62b737bdfb3922d675",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1411677478",oauth_token="[OAUTH TOKEN]",oauth_signature="oL%2b2JdOBCKcND8cSHSmHQMRN5NI%3d" Content-Type: application/x-www-form-urlencoded Host: accounts.google.com Content-Length: 194 Expect: 100-continue Connection: Keep-Alive grant_type=urn%3aietf%3aparams%3aoauth%3agrant-type%3amigration%3aoauth1&client_id=&client_secret=[GENERATED SIGNATURE]
Further more, if I check https://security.google.com/settings/security/permissions?pli=1 page to see which application I have given access to, I see my new application there, with all the scopes that older application had.
I also made sure that I don't include approval_prompt=force
Any thoughts? Am I wrong in assuming that the user will not see the approval screen after migration?