Search code examples
javascriptreactjselectrongoogle-authentication

Google OAuth2 login asks always for users access permissions

NOTE I found a lot of similar questions on this topic but no one of them was helpful so I decided to ask a question with the code example.

I am using the Electron desktop app and users are authenticated via Google auth with their google accounts.

Problem is that on every logout users get asked for allowing access permissions for the app.

onLogin = async () => {
    if (!this.state.config || this.authWindow) return;
    try {
      const code = await this.openLoginWindow();
      const { data } = await this.getAccessToken(code);
      this.onGoogleLoginSuccess(data.id_token);
    } catch(err) {
      log.error(err);
      this.onGoogleLoginFailure();
    }
  }

openLoginWindow = () => {
    return new Promise((resolve, reject) => {
      const { isDev, ELECTRON_GOOGLE_ID } = this.state.config;

      const authWindow = this.authWindow = new electron.remote.BrowserWindow({
        width: 500,
        height: 600,
        show: true,
        parent: electron.remote.getCurrentWindow(),
        modal: true
      })

      if (!isDev) {
        authWindow.webContents.session.cookies.remove('https://accounts.google.com', 'SID', () => {});
      }

      const urlParams = {
        response_type: 'code',
        redirect_uri: GOOGLE_REDIRECT_URI,
        client_id: ELECTRON_GOOGLE_ID,
        scope: 'profile email',
      }

      authWindow.webContents.on('will-navigate', (event, url) => {
        this.onRedirect(url, authWindow, resolve, reject);
      });

      authWindow.webContents.on('did-get-redirect-request', (event, oldUrl, newUrl) => {
        this.onRedirect(newUrl, authWindow, resolve, reject);
      });

      authWindow.webContents.on('will-redirect', (event, url) => {
        this.onRedirect(url, authWindow, resolve, reject);
      });

      authWindow.on('close', () => this.authWindow = null);

      authWindow.loadURL(`${ GOOGLE_AUTHORIZATION_URL }?${ qs.stringify(urlParams) }`);
    });
  }

getAccessToken = code => {
    return axios.post(GOOGLE_TOKEN_URL, qs.stringify({
      code,
      client_id: this.state.config.ELECTRON_GOOGLE_ID,
      redirect_uri: GOOGLE_REDIRECT_URI,
      grant_type: 'authorization_code',
    }), {
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      withCredentials: false
    })
  }

Do you see something wrong in this code?

Solution 
  • const urlParams = {
        response_type: 'code',
        redirect_uri: GOOGLE_REDIRECT_URI,
        client_id: ELECTRON_GOOGLE_ID,
        scope: 'profile email',
        providerParams: {
         access_type: 'offline',
         prompt: 'select_account'
         }
      }

    Can you try once using this urlParams object ?