Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
792 views
in Technique[技术] by (71.8m points)

oauth 2.0 - "This app would like to: Have offline access" when access_type=online

I have a Google App with OAuth 2.0 authentication. Everything used to work fine but recently I started getting the following "Request for permission" screen:

enter image description here

The strange part is that I get this screen when I pass access_type=online. Again, this used to work until recently.

What can be the cause for this? TIA

Edit:

The requested scopes are:

https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile

I have already tried:

  • with and without access_type=online
  • with and without approval_prompt=auto

Edit #2:

This is the python code I'm using to generate the authentication URL:

encoded_params = urllib.urlencode({
    "response_type" : "code",
    "client_id" : MY_CLIENT_ID,
    "scope" : " ".join(MY_SCOPES),
    "redirect_uri" : MY_REDIRECT_URI,
    "state" : random_security_token,
    "access_type" : "online",
    "approval_prompt" : "auto",
    })

auth_url = "https://accounts.google.com/o/oauth2/auth?" + encoded_params

Update (Oct. 14):

Even with the new scopes, I still get the consent screen. Recently I got it for a new device I was using for the authentication.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

I think G does this when your app requests a token and there is still a valid access or refresh token for the user for the scopes in question.

The solution is to revoke tokens when you're done with them (either on user logout or immediately after authenticating the user) by issuing this request:

https://accounts.google.com/o/oauth2/revoke?token={token}

You don't have to provide any app credentials, just the token as a URL argument.

(docs here https://developers.google.com/accounts/docs/OAuth2WebServer#tokenrevoke)

I had the same problem and no combination of access_type or approval_prompt values seemed to solve it. Revoking the token did the trick.

I'm not sure how to revoke all outstanding tokens for your app, unless you happened to store them. To test with your own user account, you can manually revoke the existing token for your app here:

https://security.google.com/settings/security/permissions

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...