Google Drive re-requesting permission every time a user logs in

Hi there!

We’ve followed the steps outlined in this doc on how to add scopes for an external idp.

Our problem is that every time users log into our web application, they are taken to the Google permissions dialog (despite having previously given our app the permissions it needs).

Has anyone else experienced this issue? It’s super annoying for our users and we haven’t found a solution in any other community post. Any help would be much appreciated!

Hi @tom18 ,

Welcome to the Auth0 Community!

The steps outlined in this doc explained how to configure Google/Gmail scopes.

If this step is completed, users will see the “Sign in With Google” option and then request them to choose an gmail account to log in to the app.

Our problem is that every time users log into our web application, they are taken to the Google permissions dialog (despite having previously given our app the permissions it needs).

Could you provide a screenshot of the Google permission dialog and explain what do you want to achieve?

Thanks!

1 Like

Many thanks for the quick reply. All works as expected (i.e. when a user logs in, they are redirected to the page in the screenshot, and can successfully grant our application the permissions it needs).

The problem comes when the user logs out / logs back in again. We were expecting that the user would only have to grant permissions once, whereas the behaviour we see is that they are redirected to the permissions page each and every time and have to “Allow” again.

We have users complaining about this (and rightly so!), because they’re used to applications where you only have to grant permissions once (and not again and again, as they experience with our application)

Thank you for providing the details.

I tested by granting permission only to “Google Drive” as shown in the below screenshot and saw the Google Drive requesting permission screen only once. I could not repeat the same behavior as you.

Is “Google Drive” the only App you granted the permission to?

1 Like

Many thanks for getting back to me. We have also enabled “Google Drive Files”.

What happens when you:

  • Open a Private Browser window, sign in, and then close that window
  • Open a new Private Browser window & sign in again

Do you get the popup on both sign ins?

I tested with Chrome earlier and just tried this with Chrome incognito mode and saw the same results.

After I checked “Google Drive” and “Google Drive Files” and saved the change in the Auth0 dashboard, I

  1. sign in to the application
  2. click “Allow” in the Google Drive popup window
  3. log out of the application
  4. close the window/tab
  5. open a new window
  6. sign in successfully without seeing the popup

Do you have more than one tenant? It is worth trying a different tenant to verify this behavior.

1 Like

Thanks again for your swift response!

Both tenants exhibit this same behaviour.

Are you definitely logged out from your IDP when you sign in to the application?

We’ve experienced the following:

  • If you log out of our application but still remain logged in to your IDP (in our cause google-oauth2), when you log back into our app, you won’t get the auth popup
  • If you log out of our application and log out of your IDP (in our cause google-oauth2), when you log back into our app, you’ll get the auth popup

A post was split to a new topic: Can we get the IDP refresh_token without forcing consent prompt?

I have a quick question, does your Google Auth connection use the Auth0 Dev keys or your Dev keys?

1 Like

Hi @lihua.zhang please allow me to join this conversation :pray:, we’re using our own Google API keys.

Thank you for the updates. My Google Auth connection also uses my own Google API keys.

This article on Stack Overflow talked about the same query. Could you please take a look at the answer?

Meantime, we have a few more questions:

  • Is your google application verified and published?
  • Are you using an internal or external google app?
  • Can you DM me a HAR of the request that is resulting in a consent prompt?

Regarding your query about “can we get the IDP refresh_token without forcing consent popup” we have created a new topic on your behalf and will provide updates shortly.

2 Likes
  1. Yes it is
  2. We’re using Google API v3 (npm package googleapis) to access Google Drive API.
  3. Alright, I’ll DM you.

@lihua.zhang Our concern is if we’re not forcing user to see consent screen, we don’t get refresh_token from IDP. Actually we’re using Google Drive API v3, and refresh_token always required when we want to make a request to their API. So the only way to get refresh_token is forcing user to see consent screen.