Google Drive re-requesting permission every time a user logs in

Hi there!

We’ve followed the steps outlined in this doc on how to add scopes for an external idp.

Our problem is that every time users log into our web application, they are taken to the Google permissions dialog (despite having previously given our app the permissions it needs).

Has anyone else experienced this issue? It’s super annoying for our users and we haven’t found a solution in any other community post. Any help would be much appreciated!

Hi @tom18 ,

Welcome to the Auth0 Community!

The steps outlined in this doc explained how to configure Google/Gmail scopes.

If this step is completed, users will see the “Sign in With Google” option and will then be asked to choose a Gmail account to log in to the app.

Our problem is that every time users log into our web application, they are taken to the Google permissions dialog (despite having previously given our app the permissions it needs).

Could you provide a screenshot of the Google permission dialog and explain what you want to achieve?

Thanks!

1 Like

Many thanks for the quick reply. All works as expected (i.e. when a user logs in, they are redirected to the page in the screenshot, and can successfully grant our application the permissions it needs).

The problem comes when the user logs out / logs back in again. We were expecting that the user would only have to grant permissions once, whereas the behaviour we see is that they are redirected to the permissions page each and every time and have to “Allow” again.

We have users complaining about this (and rightly so!), because they’re used to applications where you only have to grant permissions once (and not again and again, as they experience with our application)

Thank you for providing the details.

I tested by granting permission only to “Google Drive” as shown in the below screenshot and saw the Google Drive requesting permission screen only once. I could not repeat the same behavior as you.

Is “Google Drive” the only App you granted the permission to?

1 Like

Many thanks for getting back to me. We have also enabled “Google Drive Files”.

What happens when you:

  • Open a Private Browser window, sign in, and then close that window
  • Open a new Private Browser window & sign in again

Do you get the popup on both sign ins?

I tested with Chrome earlier and just tried this with Chrome incognito mode and saw the same results.

After I checked “Google Drive” and “Google Drive Files” and saved the change in the Auth0 dashboard, I

  1. sign in to the application
  2. click “Allow” in the Google Drive popup window
  3. log out of the application
  4. close the window/tab
  5. open a new window
  6. sign in successfully without seeing the popup

Do you have more than one tenant? It is worth trying a different tenant to verify this behavior.

1 Like

Thanks again for your swift response!

Both tenants exhibit this same behaviour.

Are you definitely logged out from your IDP when you sign in to the application?

We’ve experienced the following:

  • If you log out of our application but still remain logged in to your IDP (in our case google-oauth2), when you log back into our app, you won’t get the auth popup
  • If you log out of our application and log out of your IDP (in our case google-oauth2), when you log back into our app, you’ll get the auth popup

A post was split to a new topic: Can we get the IDP refresh_token without forcing consent prompt?

I have a quick question, does your Google Auth connection use the Auth0 Dev keys or your Dev keys?

1 Like

Hi @lihua.zhang please allow me to join this conversation :pray:, we’re using our own Google API keys.

Thank you for the updates. My Google Auth connection also uses my own Google API keys.

This article on Stack Overflow talked about the same query. Could you please take a look at the answer?

Meantime, we have a few more questions:

  • Is your google application verified and published?
  • Are you using an internal or external google app?
  • Can you DM me a HAR of the request that is resulting in a consent prompt?

Regarding your query about “can we get the IDP refresh_token without forcing consent popup” we have created a new topic on your behalf and will provide updates shortly.

2 Likes

  1. Yes it is
  2. We’re using Google API v3 (npm package googleapis) to access Google Drive API.
  3. Alright, I’ll DM you.

@lihua.zhang Our concern is that if we don’t force the user to see the consent screen, we don’t get a refresh_token from the IDP. We’re actually using Google Drive API v3, and a refresh_token is always required when we want to make a request to their API. So the only way to get a refresh_token is to force the user to see the consent screen.

Hi @lihua.zhang
Selecting Google Drive Files requests too much permission, and selecting just Google Drive grants too little permission.
In my case, I would like for the user to only see and download files from their drive.
Is there a way to limit the permission to this?
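
An added example, not part of any post in this thread and not Auth0 or Google sample code: one way to handle the refresh_token concern and the read-only scope question above, assuming a direct Google OAuth 2.0 authorization request. The sketch asks for consent only when no refresh token is stored for the user, and requests the `drive.readonly` scope (view and download only); function names, the in-memory store and sample values are hypothetical.

```javascript
// Added example: hypothetical helper names, constructed sample values.
const GOOGLE_AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';
// Read-only Drive scope: lets the app view and download files, not modify them.
const DRIVE_READONLY = 'https://www.googleapis.com/auth/drive.readonly';

// userId -> refresh token. In-memory for the example; store encrypted at rest in practice.
const refreshTokens = new Map();

// Build the authorization URL. Consent is forced only when the caller asks for it.
function buildAuthUrl({ clientId, redirectUri, state, forceConsent = false, loginHint }) {
  const params = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: 'code',
    scope: `openid email ${DRIVE_READONLY}`,
    access_type: 'offline', // required for Google to issue a refresh token at all
    state,                  // caller-generated, unguessable anti-CSRF value
  });
  if (forceConsent) params.set('prompt', 'consent');
  if (loginHint) params.set('login_hint', loginHint); // skip the account chooser on retry
  return `${GOOGLE_AUTH_ENDPOINT}?${params}`;
}

// After the code exchange: Google omits refresh_token on repeat authorizations,
// so keep the stored one and re-prompt only if there is none at all.
function afterCallback(userId, tokenResponse) {
  if (tokenResponse.refresh_token) {
    refreshTokens.set(userId, tokenResponse.refresh_token);
  }
  return refreshTokens.has(userId) ? 'ready' : 'reconsent';
}

// A refresh attempt failing with invalid_grant means the token was revoked or expired:
// drop it so the next login takes the 'reconsent' path once.
function onRefreshError(userId, errorCode) {
  if (errorCode !== 'invalid_grant') return false;
  refreshTokens.delete(userId);
  return true;
}
```

On `'reconsent'`, redirect once more with `forceConsent: true` and the user's email as `loginHint`; every later login then goes through without the permissions dialog.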