Google-api-dotnet-client: GoogleAuthorizationCodeRequestUrl approval_prompt:force and prompt:consent

Created on 13 Apr 2018  Â·  16Comments  Â·  Source: googleapis/google-api-dotnet-client

After updating of nugets from 1.13.1 to 1.32.2 version Google OAuth not return refresh_token on request. I.e. always refresh_token=null

Our GoogleAuthorizationCodeRequestUrl properties in both versions (1.13.1 and 1.32.2):
AccessType=offline,
ApprovalPrompt=force.

Looks like approval_prompt no longer supported (replaced to prompt:consent): https://github.com/google/oauth2client/issues/453

Can you confirm that our issue related to not right request attribute (i.e. we should use prompt:consent)?

If yes, please propose the workaround with minor changes from our side. Maybe we can temporarily revert nugets to more earlier version than 1.32.2 but upper than 1.13.1?

Or you can make fix of GoogleAuthorizationCodeRequestUrl?

Thank in advance!

All 16 comments

I think thats a different project you may want to try posting over on google/oauth2client

If it's about the nuget packages, this is the right project - but I know nothing about this particular area. Will assign to Chris to investigate :)

In that case i would love to see some code for this. I am not aware of any way of passing ApprovalPrompt to this library. I believe i have seen a few comments on stack overflow about it over the years.

I always thought ApprovalPrompt was used internally to prompt when the client requested offline access.

@jskeet @LindaLawton yes, it’s about .net nuget package.

As I know ApprovalPrompt parameter in GoogleAuthorizationRequestUrl not changed, i.e. it still “approval_prompt” source https://github.com/google/google-api-dotnet-client/blob/b26fd3effa79808c229d5bf8814777ecc90a7193/Src/Support/Google.Apis.Auth/OAuth2/Requests/GoogleAuthorizationCodeRequestUrl.cs

I provide source example soon.

@chrisdunelm @LindaLawton my sample, works fine in nuget 1.13.1 but not in 1.32.2, i.e. in 1.32.2 refreshToken always null.

    public class CustomAuthorizationCodeFlow : AuthorizationCodeFlow
    {
        public override AuthorizationCodeRequestUrl CreateAuthorizationCodeRequest(string requestUri)
        {
            public CustomAuthorizationCodeFlow(Initializer initializer) : base(initializer)
            { 
            }

            return new GoogleAuthorizationCodeRequestUrl(new Uri(AuthorizationServerUrl))
            {
                ClientId = ClientSecrets.ClientId,
                Scope = string.Join(" ", Scopes),
                RedirectUri = redirectUri,
                AccessType = "offline",
                ApprovalPrompt = "force"
            };
        }
    }

    var flow = new CustomAuthorizationCodeFlow(initializer);
    var auth = new AuthorizationCodeWebApp(flow, redirectUri, state);
    var result = await auth.AuthorizeAsync(userId, taskCancellationToken);
    var refreshToken = result.Credential.Token.RefreshToken;

looks like ApprovalPrompt = "force" should be renamed to Prompt = "consent".

Nice find!

@LindaLawton Thank you for a quick investigation. @chrisdunelm Any chance that this issue being investigated/fixed on this week?
If not may be you can propose a temporary workaround.

@mgkcortyw: I'm still confused about why you're seeing different behavior between 1.13.1 and 1.32.2. That file hasn't changed for a very long time. Can you just confirm that you really do see a difference between those two versions?

Yes, we may well need to deprecate the ApprovalPrompt property and introduce a new Prompt one due to server-side changes, but 1.13.1 still had ApprovalPrompt sending the approval_prompt query parameter, so I wouldn't expect that to have changed anything.

Well there are new constants, all to do with OpenID, but none of the existing constants have changed.

Constants in 1.13.1: https://raw.githubusercontent.com/google/google-api-dotnet-client/v1.13.1/Src/Support/GoogleApis.Auth/OAuth2/GoogleConsts.cs

Constants in 1.32.1: https://raw.githubusercontent.com/google/google-api-dotnet-client/v1.32.2/Src/Support/Google.Apis.Auth/OAuth2/GoogleAuthConsts.cs

Again, could you check that you really see a difference in behavior between 1.13.1 and 1.32.2? Diagnosing "something that needs to change due to a server change" and "something that needs reverting to earlier code" are fairly different, and I can't currently see any change since 1.13.1 that would explain this.

I think GoogleAuthorizationCodeFlow changed from using GoogleAuthConsts.AuthorizationUrl to use GoogleAuthConsts.OidcAuthorizationUrl in PR#1003 back in May 2017.

https://github.com/google/oauth2client/issues/453 suggests this change of auth URL causes the problem.

I'll do some more work to confirm this is the case.

I thought i put in a feature request last year to change the endpoints and read from discovery doc didnt we do that?

adding new openid connect endpoints I really need to submit a change that reads from the disco endpoint directly.

@LindaLawton That's probably #916. We updated to the latest URLs, but don't read from the openid-configuration.

@jskeet you are right, it’s not GoogleConsts.cs issue, but related to urls. (Difference in GoogleAuthorizationCodeFlow.cs) @chrisdunelm hit the target! Thanks.

We are use GoogleAuthorizationCodeFlow.Initializer() constructor and pass it into CustomAuthorizationCodeFlow constructor in my code listing above.

I'll create a PR to add a Prompt property to the GoogleAuthorizationCodeRequestUrl class; and to mark the existing ApprovalPrompt property as obsolete.
This will allow you to set prompt=consent as required to retrieve a refresh token.

@chrisdunelm Thank you! It’s great! 👍

Could you release new version of nugets after that?

Was this page helpful?
0 / 5 - 0 ratings