
How to force account selection when using social provider login in Lock


I am having trouble clearing the last login when using social providers.

Currently using Lock with the following options:

var options = {
   rememberLastLogin: false,
   auth: {
      sso: false,
      redirect: false
   }
};

var lock = new Auth0Lock('clientID', 'account.auth0.com', options);

The issue is that when executing the following steps, it always logs in with the same account:

  1. Call lock.show
  2. Select social login provider (Google)
  3. Attempt login with account A [non authorized account]
  4. Lock shows "You are not allowed to access this application." [expected result]
  5. Click Google button again and it still tries to log into the same account A (Lock does not offer a way to try a different login from the same social provider)
  6. Close Lock and reopen it
  7. Click Google button and it still uses same login account A (no option to enter new account)

What can I do to be able to select a different account?


Solution

  • When you use a social login provider, the automatic sign-in is handled by the provider in question. Disabling the sso option and rememberLastLogin means Auth0 will not try to log you in automatically or provide any information about who logged in last.

    When you log in with Google the first time, Google creates a session, and subsequent requests will automatically use that session by default.

    However, Google supports an option that allows you to choose the behavior you want. In this case it seems you want the user to be able to select another account, which can be accomplished by passing the option prompt=select_account (see other options here) in the Google login request.

    You can achieve this in Auth0 Lock by providing this option in the auth.params object. Updated example below:

    var options = {
        rememberLastLogin: false,
        auth: {
            sso: false,
            redirect: false,
            params: { prompt: 'select_account' }
        }
    };
    
    var lock = new Auth0Lock('clientId', '[tenant].auth0.com', options);
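
The auth.params change from the answer above, as an added example that is not part of the original answer or of Auth0's code: it merges select_account into any prompt value already configured and checks a captured authorization request for it. The helper names (mergePrompt, withAccountChooser, requestsAccountChooser) and the sample options and URL are assumptions made for illustration; the accepted prompt values are the ones defined by OpenID Connect Core.

```javascript
// Hypothetical helpers; not part of Lock or of the original answer.
// Prompt values defined by OpenID Connect Core for the authentication request.
const OIDC_PROMPTS = new Set(['none', 'login', 'consent', 'select_account']);

// Merge one prompt value into an existing space-delimited prompt string.
function mergePrompt(existing, wanted) {
  const values = new Set(String(existing || '').split(/\s+/).filter(Boolean));
  values.add(wanted);
  for (const v of values) {
    if (!OIDC_PROMPTS.has(v)) throw new Error('unknown prompt value: ' + v);
  }
  // "none" forbids any provider UI, so it cannot be combined with other values.
  if (values.has('none') && values.size > 1) {
    throw new Error('prompt=none cannot be combined with other values');
  }
  return Array.from(values).join(' ');
}

// Return a copy of the Lock options whose auth.params asks for the account
// chooser; the caller's object is left unmodified.
function withAccountChooser(options) {
  const auth = Object.assign({}, options.auth);
  const params = Object.assign({}, auth.params);
  params.prompt = mergePrompt(params.prompt, 'select_account');
  auth.params = params;
  return Object.assign({}, options, { auth: auth });
}

// Check a captured authorization request URL for the account-chooser prompt.
function requestsAccountChooser(url) {
  const prompt = new URL(url).searchParams.get('prompt') || '';
  return prompt.split(/\s+/).includes('select_account');
}

// Constructed sample input: options that already set a different prompt value.
const base = {
  rememberLastLogin: false,
  auth: { sso: false, redirect: false, params: { prompt: 'consent' } }
};
const hardened = withAccountChooser(base);
console.log(hardened.auth.params.prompt);
```

The returned object can be passed as the third argument to the Auth0Lock constructor in place of the hand-written options.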