If you look at Google's API<https://developers.google.com/accounts/docs/OAuth2WebServer>, they have a parameter named approval_prompt which can be "force" or "auto":
Description: *Indicates if the user should be re-prompted for consent. The default is auto, so a given user should only see the consent page for a given set of scopes the first time through the sequence. If the value is force, then the user sees a consent page even if they have previously given consent to your application for a given set of scopes.* * * I guess that's one way to solve it :) On Fri, Aug 3, 2012 at 3:23 PM, Jérôme LELEU <[email protected]> wrote: > Said like that, I feel totally stupid... but it's not totally without > their consent, they previously clicked on the "Authenticate at the OAuth > provider" link... > > I understand that it's mandatory. > > Thanks, > Jérôme > > > > 2012/8/3 Doug Tangren <[email protected]> > >> >> What are the security concerns about not having such "Allow / disallow" >>> screen ? >>> >> >> Obtaining access to a user's data without their consent? >> > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
