From aaccbc9213b0974828f81aaac109d194880e3014 Mon Sep 17 00:00:00 2001
From: Bobby DeSimone <bobbydesimone@gmail.com>
Date: Tue, 9 Apr 2019 03:31:09 +0000
Subject: [PATCH] google: update ApprovalForce to use openid connect friendly
 prompt=consent

It looks like in 2016 or so` approval_prompt=force` was replaced with the open id connect friendly `prompt=consent`.

See:
- https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
- https://developers.google.com/identity/sign-in/web/reference#gapiauth2offlineaccessoptions
- https://github.com/googleapis/oauth2client/issues/453
- https://github.com/pomerium/pomerium/pull/82

Change-Id: Iad2d533f451a70b2941aafd11c9b7272026a2f16
GitHub-Last-Rev: d6d10ceec8cf703bb88c8201867bacdee238fa04
GitHub-Pull-Request: golang/oauth2#379
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/171123
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
---
 oauth2.go      | 2 +-
 oauth2_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/oauth2.go b/oauth2.go
index 428283f..291df5c 100644
--- a/oauth2.go
+++ b/oauth2.go
@@ -117,7 +117,7 @@ var (
 	// ApprovalForce forces the users to view the consent dialog
 	// and confirm the permissions request at the URL returned
 	// from AuthCodeURL, even if they've already done so.
-	ApprovalForce AuthCodeOption = SetAuthURLParam("approval_prompt", "force")
+	ApprovalForce AuthCodeOption = SetAuthURLParam("prompt", "consent")
 )
 
 // An AuthCodeOption is passed to Config.AuthCodeURL.
diff --git a/oauth2_test.go b/oauth2_test.go
index 588600b..b7975e1 100644
--- a/oauth2_test.go
+++ b/oauth2_test.go
@@ -43,7 +43,7 @@ func newConf(url string) *Config {
 func TestAuthCodeURL(t *testing.T) {
 	conf := newConf("server")
 	url := conf.AuthCodeURL("foo", AccessTypeOffline, ApprovalForce)
-	const want = "server/auth?access_type=offline&approval_prompt=force&client_id=CLIENT_ID&redirect_uri=REDIRECT_URL&response_type=code&scope=scope1+scope2&state=foo"
+	const want = "server/auth?access_type=offline&client_id=CLIENT_ID&prompt=consent&redirect_uri=REDIRECT_URL&response_type=code&scope=scope1+scope2&state=foo"
 	if got := url; got != want {
 		t.Errorf("got auth code URL = %q; want %q", got, want)
 	}