
Google Sign In Account Chooser Showing Every Time (and a few other questions)

#1

I have set up user login for my Angular app using this link https://auth0.com/docs/quickstart/spa/angular2 and everything seems to work fine, apart from a couple of questions I have.

Every time the browser is refreshed, it goes to re-authenticate which I expect as now the storage for the local tokens has been moved from localStorage to local variables in my app, so they would be lost if the browser refreshes. However as I am using Google Chrome browser (on Windows), and as I am logged into my two google accounts in the browser, every time the page reloads, I am asked which account I want to login with.

I would prefer that if I have recently logged in with account X, that it would automatically choose account X, BUT if I logout of my app, that next time it would ask me to choose the account I want.

Is this current behaviour working as expected (i.e. have I implemented it correctly) and is the desired behaviour I have outlined possible?

I have looked at the different options for ‘prompt’ but if I specify none and I do not have an authenticated session with Auth0, then it fails. In this case, should I catch this error and then do a ‘normal’ login? But I don’t want to change the recommended auth0 code used in the example unless this is correct.

One more question: in Google Chrome on Android, even if I have e.g. 4 tabs open, and if I leave it overnight (I have token renewal every hour enabled) and go back to the browser, it’s still logged in (which is what I want for now) and I can perform actions without having to login - so does this mean even in Chrome on Android when phone is sitting idle it’s performing the refresh of token every hour? I wasn’t sure if Android allowed this background activity in Chrome - great if it does.

And a final question - I have noticed that after the hour (or 55 mins as I have set it to), when browser does silent renewal of token, I seem to get about 10 requests at the same time for this - if anyone knows why this may occur please let me know.

If I can provide any more information to make this easier to answer please let me know. Thanks.

Just to add, below are some snippets where I have made small changes to the code:

public login(): void {
  this.auth0.authorize({
    connection: 'google-oauth2',
    connectionScope: 'https://www.googleapis.com/auth/calendar.events.readonly',
    accessType: 'offline'
  } as any);
}

this.auth0.checkSession({
  connection: 'google-oauth2',
  connectionScope: 'https://www.googleapis.com/auth/calendar.events.readonly',
  accessType: 'offline'
} as any, (err, authResult) => {
  // (the snippet ends here in the original post; callback body not shown)
});

#2

Hi Jonathan.

Is this current behaviour working as expected (i.e. have I implemented it correctly) and is the desired behaviour I have outlined possible?

To skip the Google account chooser you can use login_hint={user_email_address} in the /authorize request. If the request gets to Google and the provided email address matches one of the existing accounts, Google will bypass the account chooser. You will have to store the last used email address in localStorage to have it available on the authorize request.
Note that I said “if the request gets to Google”: if the user already has a session with Auth0, then Auth0 might use that session and avoid reaching out to Google altogether. If this is the case, the login_hint will be ignored.
To have Auth0 use the existing session (if available) and skip the login altogether if possible, make sure you have the “Seamless SSO” toggle enabled in the tenant Advanced Setting. If you don’t see that toggle, it means that your tenant has it enabled by default.

I have looked at the different options for ‘prompt’ but if I specify none and I do not have an authenticated session with Auth0, then it fails. In this case, should I catch this error and then do a ‘normal’ login? But I don’t want to change the recommended auth0 code used in the example unless this is correct.

If you don’t mind the page refresh, you can do a regular authorize() request for a simpler solution. checkSession() from Auth0.js does a prompt=none in a hidden iframe, and it is useful if you want to avoid reloading the SPA if an existing session is available.

I wasn’t sure if Android allowed this background activity in Chrome - great if it does.

I’m just guessing here, but I’d say that mobile browsers are much more aggressive in saving resources, so probably not. But if you make the Auth0 session long enough (3 days without activity is the maximum now) then the user won’t need to sign in again.

And a final question - I have noticed that after the hour (or 55 mins as I have set it to), when browser does silent renewal of token, I seem to get about 10 requests at the same time for this - if anyone knows why this may occur please let me know.

Hard to say with the provided snippet of code, but putting some breakpoints in the code and looking at the stack trace might help you there.

1 Like
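
The approach described in the reply above, as an added example that is not part of the original thread or of Auth0's quickstart code: remember the last-used email for login_hint, try the silent check first, fall back to a redirect only when interaction is required, and forget the hint on logout so the account chooser appears again. The function names and HINT_KEY are hypothetical; `client` is assumed to be an Auth0.js WebAuth instance requesting the `openid email` scope, and `storage` is assumed to be `window.localStorage`.

```javascript
// Added example. HINT_KEY and all function names are hypothetical.
// Assumes `client` is an Auth0.js WebAuth instance and `storage` is localStorage.
const HINT_KEY = 'last_login_email';

// Connection options from the original post, reused for every request.
const GOOGLE = {
  connection: 'google-oauth2',
  connectionScope: 'https://www.googleapis.com/auth/calendar.events.readonly',
  accessType: 'offline'
};

// Call after a successful login or renewal. Stores only the email, never tokens.
function rememberAccount(storage, authResult) {
  const payload = authResult && authResult.idTokenPayload;
  if (payload && payload.email) storage.setItem(HINT_KEY, payload.email);
}

// Build the authorize options, adding login_hint only when an email is stored.
function authorizeOptions(storage) {
  const hint = storage.getItem(HINT_KEY);
  return hint ? { ...GOOGLE, login_hint: hint } : { ...GOOGLE };
}

// Silent check first; redirect only when Auth0 reports that interaction is needed.
function restoreSession(client, storage, onResult) {
  client.checkSession(authorizeOptions(storage), (err, authResult) => {
    if (!err) {
      rememberAccount(storage, authResult);
      return onResult(null, authResult);
    }
    const needsLogin = ['login_required', 'consent_required', 'interaction_required'];
    if (needsLogin.includes(err.error)) {
      client.authorize(authorizeOptions(storage)); // full redirect; the hint can skip the chooser
      return onResult(null, null);
    }
    onResult(err, null); // any other failure is surfaced instead of redirecting
  });
}

// Forget the hint on logout so the next login shows the account chooser again.
function logoutAndForget(client, storage, returnTo) {
  storage.removeItem(HINT_KEY);
  client.logout({ returnTo });
}
```

The stored email is only a hint to the identity provider and carries no authority, so it is safe to keep in localStorage where tokens are not.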
#3

Thanks Nicolas for your help - this works well.

1 Like