We’ve followed the steps outlined in this doc on how to add scopes for an external idp.
Our problem is that every time users log into our web application, they are taken to the Google permissions dialog (despite having previously given our app the permissions it needs).
Has anyone else experienced this issue? It’s super annoying for our users and we haven’t found a solution in any other community post. Any help would be much appreciated!
The steps outlined in this doc explained how to configure Google/Gmail scopes.
If this step is completed, users will see the “Sign in With Google” option and will then be asked to choose a Gmail account to log in to the app.
Our problem is that every time users log into our web application, they are taken to the Google permissions dialog (despite having previously given our app the permissions it needs).
Could you provide a screenshot of the Google permission dialog and explain what you want to achieve?
Many thanks for the quick reply. All works as expected (i.e. when a user logs in, they are redirected to the page in the screenshot, and can successfully grant our application the permissions it needs).
The problem comes when the user logs out / logs back in again. We were expecting that the user would only have to grant permissions once, whereas the behaviour we see is that they are redirected to the permissions page each and every time and have to “Allow” again.
We have users complaining about this (and rightly so!), because they’re used to applications where you only have to grant permissions once (and not again and again, as they experience with our application).
I tested by granting permission only to “Google Drive” as shown in the below screenshot and saw the Google Drive requesting permission screen only once. I could not repeat the same behavior as you.
Are you definitely logged out from your IDP when you sign in to the application?
We’ve experienced the following:
If you log out of our application but still remain logged in to your IDP (in our case google-oauth2), when you log back into our app, you won’t get the auth popup.
If you log out of our application and log out of your IDP (in our case google-oauth2), when you log back into our app, you’ll get the auth popup.
Thank you for the updates. My Google Auth connection also uses my own Google API keys.
This article on Stack Overflow talked about the same query. Could you please take a look at the answer?
Meantime, we have a few more questions:
Is your Google application verified and published?
Are you using an internal or external Google app?
Can you DM me a HAR of the request that is resulting in a consent prompt?
Regarding your query about “can we get the IDP refresh_token without forcing consent popup” we have created a new topic on your behalf and will provide updates shortly.
We’re using Google API v3 (npm package googleapis) to access Google Drive API.
Alright, I’ll DM you.
@lihua.zhang Our concern is that if we’re not forcing the user to see the consent screen, we don’t get a refresh_token from the IDP. Actually, we’re using Google Drive API v3, and a refresh_token is always required when we want to make a request to their API. So the only way to get a refresh_token is to force the user to see the consent screen.
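An added example, not part of any post in this thread and not Auth0's or Google's code: one way to avoid prompting on every login is to force consent only when no refresh token is stored for the user, and to keep the stored token when a later token response omits it. It builds the request against Google's OAuth 2.0 endpoint directly; the helper names, the Map-like `store`, and the assumption that `userId` is already known (from the completed sign-in or a prior session) are hypothetical.

```javascript
// Added example. Hypothetical helpers; `store` is any Map-like per-user token
// store (in production, encrypt refresh tokens at rest).
const GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth";
// Read-only Drive scope: view and download files, no write access.
const DRIVE_READONLY = "https://www.googleapis.com/auth/drive.readonly";

// Build the authorization URL. Consent is forced only when no refresh token
// is stored for this user, so returning users skip the permissions dialog.
function buildAuthUrl(store, userId, { clientId, redirectUri, state }) {
  const params = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "code",
    scope: `openid email ${DRIVE_READONLY}`,
    access_type: "offline", // ask Google for a refresh token
    state,                  // CSRF protection, verified on callback
  });
  const saved = store.get(userId);
  if (!saved || !saved.refresh_token) params.set("prompt", "consent");
  return `${GOOGLE_AUTH_ENDPOINT}?${params}`;
}

// Merge a token response into the store. Later responses usually omit
// refresh_token; overwriting blindly would discard the one already held.
function saveTokens(store, userId, tokenResponse) {
  const previous = store.get(userId) || {};
  const merged = {
    ...previous,
    ...tokenResponse,
    refresh_token: tokenResponse.refresh_token || previous.refresh_token,
  };
  store.set(userId, merged);
  return merged;
}

// Call when a refresh attempt fails with invalid_grant (token revoked or
// expired): drop it so the next login forces consent again.
function forgetRefreshToken(store, userId) {
  const previous = store.get(userId);
  if (previous) store.set(userId, { ...previous, refresh_token: undefined });
}
```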
Hi @lihua.zhang
Selecting Google Drive Files requests too much permission, and selecting just Google Drive grants too little permission.
In my case, I would like for the user to only see and download files from their drive.
Is there a way to limit the permission to this?