Force google account chooser

Asked 17/1, 2013 at 17:8 Answered 18/6, 2019 at 9:21

Is there is a way I can force the google account chooser to appear even if the user is logged in just with one account.

I have tried by redirecting to this URL:

https://accounts.google.com/AccountChooser?service=lso&continue=[authorizeurl]

and it seems to work, but I don't know if there are any other conditions in which it might fail.

enter image description here

Mafalda answered 17/1, 2013 at 17:8 Comment(0)

111

The following parameter is supported in OAuth2 authorization URLs:

prompt

Currently it can have values none, select_account, and consent.

none: Will cause Google to not show any UI, and therefore fail if user needs to login, or select an account in case of multi-login, or consent if first approval. It can be run in an invisible i-frame to obtain a token from previously authorized users before you decide, for instance, to render an authorization button.
consent: Will force the approval page to be displayed even if the user has previously authorized your application. May be useful in a few corner cases, for instance if you lost the refresh_token for the user, as Google only issues refresh_tokens on explicit consent action.
select_account: Will cause the account selector to display, even if there's a single logged-in user, just as you asked.

select_account can be combined with consent, as in:

prompt=select_account consent

Bump answered 18/1, 2013 at 6:24 Comment(12)

Is 'approval_prompt=force' the same than 'prompt=consent'? Thanks – Disconcert 18/1, 2013 at 11:28

Yes, but unlike prompt=consent it can't be combined with the option for 'select_account'. Use 'prompt' instead if writing new code now. – Bump 23/1, 2013 at 7:12

Is there a way to force login with gmail accounts (like hd=gmail.com)? – Adnate 25/1, 2013 at 7:15

@woloski, yes, hd=default should restrict to gmail accounts – Hermilahermina 29/8, 2013 at 2:36

I get select_account screen but it has no remove button. How do i remove an account if i have to ? – Weary 16/10, 2014 at 6:14

Google Documentation and Options/Parameters developers.google.com/accounts/docs/… – Recriminate 15/11, 2014 at 21:12

prompt=select_account+consent does not work, you'll want to use prompt=select_account consent ------ docs: developers.google.com/accounts/docs/OpenIDConnect – Aylsworth 13/2, 2015 at 21:46

select_account+consent is probably the URL encoded value. I think the answer should show a space delimited string instead, as documented. – Hixon 14/3, 2016 at 23:1

If you are following the latest tutorial at developers.google.com/identity/sign-in/web/… you can also add it to your button generation div. <div class="g-signin2" data-width="300" data-height="50" data-longtitle="true" data-onsuccess="onSignIn" data-theme="dark" data-prompt="select_account"></div> – Trilemma 27/3, 2016 at 0:53

This does NOT require the user to authenticate again. There is no password prompt and any person can click on the user account and authorize. How the hell is this secure on a public computer? Can anyone please tell me how I force the user to submit his password again when signing in after he signed out? – Dauphine 9/6, 2018 at 13:30

@HugoCox Well, oauth2 is not about authentication, it's about authorization. You have no way to force google to require their users to login again. You can only require users to consent, or choose account. It's on Google to require authentication if user is not authenticated, you can only control authorization since your client is relying party not token issuer. Hope it clears it a little bit. – Priddy 29/6, 2019 at 11:36

here is link to see the full api, for javascript: developers.google.com/identity/protocols/oauth2/… – Cerenkov 21/3, 2020 at 17:8

Also, you can add "prompt" parameter in HTML tags as data-prompt="select_account":

<div class="g-signin2" data-onsuccess="onSignIn" data-prompt="select_account">

and it will force account chooser every time, even if you are logged in with only one account

Ambivalence answered 22/8, 2016 at 13:10 Comment(2)

Not working for me,

<div class="g-signin2" data-scope="profile email" data-width="298" data-onsuccess="onSignIn" data-prompt="select_account" ></div>

but onSignIn still called every time – Calices 6/3, 2018 at 15:19

@BenjaminPoignant Your problem (success handler instantly called on page load) is slightly different to the one this question is about (although your confusion is understandable). As https://mcmap.net/q/297448/-preventing-automatic-sign-in-when-using-google-sign-in notes, you need to use gapi.auth2.getAuthInstance().signOut(); to sign the user out of your app. This question is about how, having done that, to ensure that when the user clicks the login button again they get a chance to choose which Google account to sign in as, rather than instantly using their current Google account as soon as the sign-in button is clicked. – Extraterritoriality 30/11, 2018 at 16:17

Some people may end up here looking for an answer about how to do this in Microsoft.AspNetCore.Authentication.

We were able to accomplish it via the following code in the Startup.ConfigureServices method:

services.AddAuthentication()
  .AddGoogle(options =>
  {
      options.ClientId = configHelper.GoogleOAuthClientID;
      options.ClientSecret = configHelper.GoogleOAuthSecret;
      options.CallbackPath = "/signin-google";
      options.AuthorizationEndpoint = string.Concat(options.AuthorizationEndpoint, "?prompt=select_account");
  });

Eolanda answered 29/3, 2018 at 14:56 Comment(0)

For google api php client (https://github.com/google/google-api-php-client) you manage to do that as following:

$client = new Google_Client();
$client->setApprovalPrompt("force");
$client->createAuthUrl();

Rainarainah answered 18/6, 2019 at 9:21 Comment(0)

If you are using gapi than just add prompt: 'select_account'
Example:

gapi.load('auth2', function () {
            gapi.auth2.init({
                client_id: "client_id.apps.googleusercontent.com",
                scope: "profile email", // this isn't required
                ux_mode: 'redirect',
                redirect_uri: 'https://www.example.com',
                prompt: 'select_account'
            }).then(function (auth2) {
                console.log("signed in: " + auth2.isSignedIn.get());
                x = auth2.isSignedIn.get();
                auth2.isSignedIn.listen(onSignIn);
                var button = document.querySelector('#signInButton');
                button.addEventListener('click', function () {
                    auth2.signIn();
                });
            });
        });

Knuth answered 29/3, 2019 at 6:19 Comment(0)

Recommended topics

Hot tags