
Google OAuth2 asking for "offline access"


I'm using the Microsoft.Owin.Security.Google (version 3.0.1) middleware to provide Google OAuth to my app.

It's configured like so:

app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions
{
    AuthenticationType = "Google",
    Caption = "Google",
    SignInAsAuthenticationType = signInAsType, // "idsrv.external"
    ClientId = "xxx.apps.googleusercontent.com",
    ClientSecret = "xxx"
});

Pretty simple stuff. I'm using IdentityServer as the MW to issue the claims.

When I first authenticate the user with Google, Google asks for the following consent from the user: [image]

Which makes total sense, as I'm requesting openid profile email scopes in the URL:

https://accounts.google.com/o/oauth2/auth?scope=openid profile email&response_type=code&redirect_uri=https://localhost:44301/core/signin-google&state=xxx&client_id=111.apps.googleusercontent.com&hl=en-GB&from_login=1&as=-25fb4219b2997893&authuser=0

I then accept, and all works well.

Now, after I log out, then re-authenticate again - from now on Google keeps asking me for "offline access":

[image]

I've not asked for offline access scope, so confused why Google is asking for this?

Confirmed the URL looks fine:

https://accounts.google.com/o/oauth2/auth?scope=openid profile email&response_type=code&redirect_uri=https://localhost:44301/core/signin-google&state=xxx&client_id=111.apps.googleusercontent.com&hl=en-GB&from_login=1&as=676f55265a78c036&authuser=0

So exactly the same URL as the first request.

I have tried:

  1. Turned on Google+ API in API console
  2. Tried adding &prompt=auto (causes error "Invalid parameter value for prompt: Invalid prompt: auto")
  3. Tried adding access_type=online (even though this is the default, if not provided).
  4. Tried adding approval_prompt=auto

None of those techniques have worked.

Any ideas?


Solution

  • Appeared to be a localhost issue. Once deployed to a server, it worked fine :/
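
The URL check described in the question ("Confirmed the URL looks fine") can be done mechanically. The following is an added example, not code from the original post or from the OWIN middleware: it parses the authorization request and reports anything that would ask Google for a refresh token or force the consent screen. The function name `audit_auth_url` and the expected scope set are assumptions taken from the scopes the question says it requests.

```python
from urllib.parse import parse_qs, urlsplit

# First request URL from the question, copied as posted.
SAMPLE_URL = ("https://accounts.google.com/o/oauth2/auth?scope=openid profile email"
              "&response_type=code&redirect_uri=https://localhost:44301/core/signin-google"
              "&state=xxx&client_id=111.apps.googleusercontent.com&hl=en-GB"
              "&from_login=1&as=-25fb4219b2997893&authuser=0")

EXPECTED_SCOPES = {"openid", "profile", "email"}   # what the question intends to request
VALID_PROMPT = {"none", "consent", "select_account"}
VALID_ACCESS_TYPE = {"online", "offline"}
VALID_APPROVAL_PROMPT = {"auto", "force"}          # legacy parameter


def audit_auth_url(url):
    """Return findings (strings) for a Google authorization request URL."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    findings = []
    # A repeated parameter is ambiguous: client and server may read different copies.
    findings += [f"duplicate parameter: {k}" for k, v in params.items() if len(v) > 1]

    scopes = set(params.get("scope", [""])[0].split())
    findings += [f"unexpected scope: {s}" for s in sorted(scopes - EXPECTED_SCOPES)]

    access_type = params.get("access_type", ["online"])[0]  # online is the default
    if access_type not in VALID_ACCESS_TYPE:
        findings.append(f"invalid access_type: {access_type}")
    elif access_type == "offline":
        findings.append("access_type=offline requests a refresh token")

    # prompt is a space-delimited list; "auto" is only valid for approval_prompt.
    for value in params.get("prompt", [""])[0].split():
        if value not in VALID_PROMPT:
            findings.append(f"invalid prompt value: {value}")
        elif value == "consent":
            findings.append("prompt=consent forces the consent screen")

    approval = params.get("approval_prompt", ["auto"])[0]
    if approval not in VALID_APPROVAL_PROMPT:
        findings.append(f"invalid approval_prompt: {approval}")
    elif approval == "force":
        findings.append("approval_prompt=force forces the consent screen")
    return findings


if __name__ == "__main__":
    for variant in ("", "&prompt=auto", "&access_type=offline&approval_prompt=force"):
        print(repr(variant), "->", audit_auth_url(SAMPLE_URL + variant))
```

An empty result for the posted URL matches the question's observation that the request itself does not ask for offline access.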