I'm developing an integration with Google OAuth in C#.
I was previously using access_type=offline to get a refresh token. I was storing the token in a cookie and using it later to get a new access token. That was working perfect, the only problem comes when I close my google account session; since I still have the refresh token I still can access google information. I want the user to not be able to access any google information since the session is not longer valid. I need the user to authenticate again.
I decided that probably access_type=online was better since I only need to get the users email from google and from there is all related to my own system.
The problem I have right now is that Google is showing the user the approval consent screen all the time. Even if I use access_type=online and approval_prompt=auto. I don't know why is this happening because when I check here: https://security.google.com/settings/security/permissions?pli=1 I can see that my system already has been approved. Why is google asking for permissions again??? I don't want to use the refresh token because of the previous problem.
This is how Im bulding the request:
StringBuilder sb = new StringBuilder();
sb.Append("https://accounts.google.com/o/oauth2/auth");
sb.Append(string.Format("?response_type={0}","code"));
sb.Append(string.Format("&access_type={0}", "online"));
sb.Append(string.Format("&approval_prompt={0}", "auto"));
sb.Append(string.Format("&client_id={0}", "client" ));
sb.Append(string.Format("&redirect_uri={0}", "redirectURL"));
sb.Append(string.Format("&scope={0}", "email"));
WebRequest request = WebRequest.Create(sb.ToString());
I get the response code and with that I ask for an authorization code. That works perfect. When I close the tab and open again Google asks for the approval consent.
How can I avoid this?
