I just migrated to a newly created tenant, and the exact same code I had before is no longer working.
My use case is that I sometimes need to force users to the Google consent screen (in order to get a Google refresh_token).
The following C# code has been working in an older tenant, but not in this new one. The expected behavior is that the user is redirected to the Google consent screen, but the actual behavior is that the user is redirected to Auth0 and then directly back to my application.
The code:
using Auth0.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.HttpResults;

private static ChallengeHttpResult Handle(bool? forceApprovalPrompt, string? returnUrl)
{
    // Extra parameters appended to the Auth0 /authorize request.
    var authenticationPropertiesBuilder = new LoginAuthenticationPropertiesBuilder()
        .WithParameter("connection_scope", "https://www.googleapis.com/auth/calendar.readonly")
        .WithParameter("access_type", "offline")
        .WithRedirectUri(returnUrl);

    // Only sent when the caller asks for the Google consent screen to be shown again.
    if (forceApprovalPrompt is true)
    {
        authenticationPropertiesBuilder.WithParameter("approval_prompt", "force");
    }

    return TypedResults.Challenge(authenticationPropertiesBuilder.Build(), [Auth0Constants.AuthenticationScheme]);
}
And this is the resulting URL the user is redirected to:
https://<...>.eu.auth0.com/authorize?client_id=<...>&redirect_uri=https://<...>/signin-oidc&response_type=id_token&scope=openid profile email offline&response_mode=form_post&nonce=<...>&auth0Client=<...>&connection_scope=https://www.googleapis.com/auth/calendar.readonly&access_type=offline&approval_prompt=force&state=<...>&x-client-SKU=ID_NET8_0&x-client-ver=7.1.2.0