Approval_prompt=force not working in new tenant

I just migrated to a newly created tenant, and the exact same code I had before is no longer working.

My use case is that I sometimes need to force users to the Google consent screen (in order to get a Google refresh_token).

The following C# code has been working in an older tenant, but not in this new one. The expected behavior is that the user is redirected to the Google consent screen, but the actual behavior is that the user is redirected to Auth0 and then directly back to my application.

The code:

    private static ChallengeHttpResult Handle(bool? forceApprovalPrompt, string? returnUrl)
    {
        var authenticationPropertiesBuilder = new LoginAuthenticationPropertiesBuilder()
            .WithParameter("connection_scope", "https://www.googleapis.com/auth/calendar.readonly")
            .WithParameter("access_type", "offline")
            .WithRedirectUri(returnUrl);

        if (forceApprovalPrompt is true)
        {
            authenticationPropertiesBuilder.WithParameter("approval_prompt", "force");
        }

        return TypedResults.Challenge(authenticationPropertiesBuilder.Build(), [Auth0Constants.AuthenticationScheme]);
    }

And this is the resulting URL the user is redirected to:

https://<...>.eu.auth0.com/authorize?client_id=<...>&redirect_uri=https://<...>/signin-oidc&response_type=id_token&scope=openid profile email offline&response_mode=form_post&nonce=<...>&auth0Client=<...>&connection_scope=https://www.googleapis.com/auth/calendar.readonly&access_type=offline&approval_prompt=force&state=<...>&x-client-SKU=ID_NET8_0&x-client-ver=7.1.2.0

Hi @joel4,

Welcome to the Auth0 community!

This problem seems to be related to getting Google OAuth2 refresh token. Setting “approval_promt” to “force” doesn’t work anymore. Instead try setting “prompt” to “consent”, as this should provide your users with a Google refresh token.

I hope this solves your issue, and please come back if you have further questions.

Thanks,
Tudor

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.