I'm using the Microsoft.Owin.Security.Google (version 3.0.1) middleware to provide Google OAuth to my app.
It's configured like so:
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions
{
    AuthenticationType = "Google",
    Caption = "Google",
    SignInAsAuthenticationType = signInAsType, // "idsrv.external"
    ClientId = "xxx.apps.googleusercontent.com",
    ClientSecret = "xxx"
});
Pretty simple stuff. I'm using IdentityServer as the MW to issue the claims.
When I first authenticate the user with Google, Google asks for the following consent from the user:
Which makes total sense, as I'm requesting openid profile email scopes in the URL:
https://accounts.google.com/o/oauth2/auth?scope=openid profile email&response_type=code&redirect_uri=https://localhost:44301/core/signin-google&state=xxx&client_id=111.apps.googleusercontent.com&hl=en-GB&from_login=1&as=-25fb4219b2997893&authuser=0
I then accept, and all works well.
Now, after I log out, then re-authenticate again - from now on Google keeps asking me for "offline access":
I've not asked for offline access scope, so confused why Google is asking for this?
Confirmed the URL looks fine:
https://accounts.google.com/o/oauth2/auth?scope=openid profile email&response_type=code&redirect_uri=https://localhost:44301/core/signin-google&state=xxx&client_id=111.apps.googleusercontent.com&hl=en-GB&from_login=1&as=676f55265a78c036&authuser=0
So exactly the same URL as the first request.
I have tried:
- Turned on Google+ API in API console
- Tried adding &prompt=auto (causes error "Invalid parameter value for prompt: Invalid prompt: auto")
- Tried adding access_type=online (even though this is the default, if not provided).
- Tried adding approval_prompt=auto
None of those techniques have worked.
Any ideas?
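
An added example (not part of the original post, and not OWIN or IdentityServer code): a Python check that parses the two authorization URLs quoted above, reports which parameters differ between them, and flags consent-related parameters. The function names are hypothetical; the allowed values are the ones Google documents for its OAuth 2.0 authorization endpoint.

```python
from urllib.parse import urlsplit, parse_qs

# Documented values for the Google authorization parameters that influence consent.
ALLOWED = {
    "access_type": {"online", "offline"},
    "prompt": {"none", "consent", "select_account"},
    "approval_prompt": {"auto", "force"},  # legacy parameter
}

def auth_params(url):
    """Query parameters of an authorization URL as {name: last value}."""
    parsed = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[-1] for name, values in parsed.items()}

def audit(url):
    """List consent-related findings for one authorization request."""
    params = auth_params(url)
    findings = []
    for name, allowed in ALLOWED.items():
        if name not in params:
            continue
        bad = set(params[name].split()) - allowed  # prompt may hold several values
        if bad:
            findings.append(f"{name}: unsupported value(s) {sorted(bad)}")
    if params.get("access_type") == "offline":
        findings.append("access_type=offline requests a refresh token")
    forced = "consent" in params.get("prompt", "").split()
    if forced or params.get("approval_prompt") == "force":
        findings.append("consent screen is forced on every request")
    return findings

def changed_params(first_url, second_url):
    """Names of parameters whose values differ between two requests."""
    a, b = auth_params(first_url), auth_params(second_url)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

# The two URLs quoted in the post, rebuilt from their shared prefix.
BASE = ("https://accounts.google.com/o/oauth2/auth?scope=openid profile email"
        "&response_type=code&redirect_uri=https://localhost:44301/core/signin-google"
        "&state=xxx&client_id=111.apps.googleusercontent.com&hl=en-GB&from_login=1")
FIRST = BASE + "&as=-25fb4219b2997893&authuser=0"
SECOND = BASE + "&as=676f55265a78c036&authuser=0"

if __name__ == "__main__":
    print(changed_params(FIRST, SECOND))   # parameters that differ between requests
    print(audit(SECOND))                   # findings for the second request
    print(audit(SECOND + "&prompt=auto"))  # the rejected value from the list above
```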