Google OAuth2 re-authorization is missing permissions on the consent page

前端 未结 2 2045
忘了有多久
忘了有多久 2021-02-04 16:34

When I force a user to re-authorize my application a second time, using approval_prompt=force, how can I get Google to show the user the entire list of permissions

相关标签:
2条回答
  • 2021-02-04 16:49

    You have to revoke the access token and log out. Then if you go to sign in process, It will show the permission.

    public static void RevokeAcess(String accessOrRefreshToken) throws ClientProtocolException, IOException
    {
        HttpClient client = new DefaultHttpClient();
        HttpPost post = new HttpPost("https://accounts.google.com/o/oauth2/revoke?token="+accessOrRefreshToken);
        client.execute(post);
    }
    

    This network process should be called in non ui thread or asyntask

    0 讨论(0)
  • 2021-02-04 17:02

    We launched incremental auth and this is the working as designed.

    http://googleplusplatform.blogspot.com/2013/12/google-sign-in-improvements11.html

    The idea is if a user has already granted the permissions to an app, there is no need to show the same permissions and ask the user to approve.

    If you write your application properly then this situation should not arise. If you request an offline code (refresh token) and store it on your backend, you shouldn't be asking for it again unless if you need to get some new scopes/permissions. You should use the refresh token that you have stored in the future. If you only need the access token when the user is on your site, you can use other flows to request an access token without user seeing an approval page.

    0 讨论(0)
提交回复
热议问题