Google Auth api: skip asking for user account and grant scopes only

1
votes

I'm using the Google Auth api in my app to allow users to sign in with their google credentials. Once they access certain parts of my applications, I want to prompt them for the specific permissions / scopes needed.

Looking at the documentation for Google Auth (https://developers.google.com/identity/sign-in/web/reference#googleusergrantoptions), I noticed that there's a grant call which seems to allow me to ask for different permissions / scopes. However, when using this call, it seems to prompt the user to select an account again. Since I'm already logged into the application, this seems redundant. I've played with the different options I can find in the documentation, but nothing seems to skip the account selection step once you're logged in already.

Does anyone have a working solution or a work-around?

1
google-apigoogle-oauthgoogle-signingoogle-authentication
Personally i would expect it to ask the user againDaImTo
@DaImTo why would you expect it to ask the user again even if the user just signed in using a particular account?wmock
What if someone was using my pc and it wasn't me? You also need to consider that for you to add scopes to your auth you are going to have to request permission of the user this is how oauth works. You are after all going to be getting a new tokenDaImTo

1 Answers

0
votes

It would be dangerous for Google to make an assumption as to which account the user wishes to apply the grant to. Eg. I might have a GDrive app which copies files between two of my accounts. Therefore the app would have grants to both of my accounts. If it wants to extend a grant, let's say upgrade drive.readonly to drive so it can delete the original file, how would Google know which account the new grant relates to.

My only suggestion is to look at the login_hint which will pre-select the appropriate account.