Force google account chooser
Google OauthGoogle Oauth Problem Overview
Is there is a way I can force the google account chooser to appear even if the user is logged in just with one account.
I have tried by redirecting to this URL:
https://accounts.google.com/AccountChooser?service=lso&continue=[authorizeurl]
and it seems to work, but I don't know if there are any other conditions in which it might fail.
Google Oauth Solutions
Solution 1 - Google Oauth
The following parameter is supported in OAuth2 authorization URLs:
prompt
Currently it can have values none
, select_account
, and consent
.
-
none: Will cause Google to not show any UI, and therefore fail if user needs to login, or select an account in case of multi-login, or consent if first approval. It can be run in an invisible i-frame to obtain a token from previously authorized users before you decide, for instance, to render an authorization button.
-
consent: Will force the approval page to be displayed even if the user has previously authorized your application. May be useful in a few corner cases, for instance if you lost the refresh_token for the user, as Google only issues refresh_tokens on explicit consent action.
-
select_account: Will cause the account selector to display, even if there's a single logged-in user, just as you asked.
select_account
can be combined with consent
, as in:
prompt=select_account consent
Solution 2 - Google Oauth
Also, you can add "prompt" parameter in HTML tags as data-prompt="select_account":
<div class="g-signin2" data-onsuccess="onSignIn" data-prompt="select_account">
and it will force account chooser every time, even if you are logged in with only one account
Solution 3 - Google Oauth
Some people may end up here looking for an answer about how to do this in Microsoft.AspNetCore.Authentication.
We were able to accomplish it via the following code in the Startup.ConfigureServices method:
services.AddAuthentication()
.AddGoogle(options =>
{
options.ClientId = configHelper.GoogleOAuthClientID;
options.ClientSecret = configHelper.GoogleOAuthSecret;
options.CallbackPath = "/signin-google";
options.AuthorizationEndpoint = string.Concat(options.AuthorizationEndpoint, "?prompt=select_account");
});
Solution 4 - Google Oauth
If you are using gapi
than just add prompt: 'select_account'
Example:
gapi.load('auth2', function () {
gapi.auth2.init({
client_id: "client_id.apps.googleusercontent.com",
scope: "profile email", // this isn't required
ux_mode: 'redirect',
redirect_uri: 'https://www.example.com',
prompt: 'select_account'
}).then(function (auth2) {
console.log("signed in: " + auth2.isSignedIn.get());
x = auth2.isSignedIn.get();
auth2.isSignedIn.listen(onSignIn);
var button = document.querySelector('#signInButton');
button.addEventListener('click', function () {
auth2.signIn();
});
});
});
Solution 5 - Google Oauth
For google api php client (https://github.com/google/google-api-php-client) you manage to do that as following:
$client = new Google_Client();
$client->setApprovalPrompt("force");
$client->createAuthUrl();