Issue with prompt=select_account Parameter in Google OAuth2 Integration

Question

Issue with prompt=select_account Parameter in Google OAuth2 Integration

Wichai Damalee 0

Hello,

I am currently integrating Google OAuth2 authentication within my application using the following configuration:
<ClaimsProvider>

<Domain>google.com</Domain>

<DisplayName>Google</DisplayName>

<TechnicalProfile Id="Google-OAuth2">

  <DisplayName>Google</DisplayName>

  <Protocol Name="OAuth2" />

  <Metadata>

    <Item Key="ProviderName">google</Item>

    <Item Key="authorization_endpoint">https://accounts.google.com/o/oauth2/auth</Item>

    <Item Key="AccessTokenEndpoint">https://accounts.google.com/o/oauth2/token</Item>

    <Item Key="ClaimsEndpoint">https://www.googleapis.com/oauth2/v1/userinfo</Item>

    <Item Key="scope">email profile</Item>

    <Item Key="HttpBinding">POST</Item>

    <Item Key="UsePolicyInRedirectUri">false</Item>

    <Item Key="client_id">804053418488-rjthnfhiva8bmi2u6bagremmms4gr76p.apps.googleusercontent.com</Item>

    <Item Key="AdditionalRequestQueryParameters">prompt=select_account</Item>

  </Metadata>

</TechnicalProfile>
```  </TechnicalProfiles>

</ClaimsProvider>

  
However, I am encountering an issue where the `prompt=select_account` parameter does not seem to function as expected. Users are not prompted to select an account, and instead, they are redirected automatically.

Could you please provide guidance or best practices for resolving this issue or help identify if there is a correct way to configure the `prompt=select_account` parameter for Google OAuth2 in Azure AD B2C?

Thank you for your assistance.

Best regards,

1 answer

Your answer

Answer 1

Navya 19,795 Microsoft External Staff Moderator

Hi @Wichai Damalee

Thank you for posting this in Microsoft Q&A.

I understand that you are trying to use the prompt=select_account parameter in the Google OAuth2 integration, but users are not prompted to select an account and are instead redirected automatically.

As mentioned in this document, the OAuth 2.0 authorization code flow in Azure Active Directory B2C only supports prompt=login to avoid single sign-on.

User's image

For your reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow

Hope this helps. Do let us know if you any further queries.

Thanks,

Navya.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Wichai Damalee 0 Reputation points

2024-11-27T04:40:45.9866667+00:00

Thank you for your response, but my issue is with the B2C custom policy parameter AdditionalRequestQueryParameters in the policy. It does not work as expected.

https://learn.microsoft.com/en-us/azure/active-directory-b2c/oauth2-technical-profile
Wichai Damalee 0 Reputation points

2024-11-27T04:41:59.1366667+00:00

Navya https://learn.microsoft.com/en-us/azure/active-directory-b2c/oauth2-technical-profile
Navya 19,795 Reputation points Microsoft External Staff Moderator

2024-11-27T21:58:43.91+00:00

Hi Wichai Damalee Thank you for following up on this!

Custom policies are designed to provide flexibility in customizing the user experience and UI. The AdditionalRequestQueryParameters can be used to send additional parameters to the OAuth2 provider, but it cannot change the standard values or parameters that are not supported by Azure AD B2C. Could you please try replacing prompt=select_account with prompt=login and see if you notice any issues?
Wichai Damalee 0 Reputation points

2024-11-28T04:34:53.5333333+00:00

Hi,

The AdditionalRequestQueryParameters property with ?prompt=select_account is the only extra parameter to pass to the external provider (it is not passed to Azure AD OAuth2).

The prompt=select_account parameter should be appended to the URL.

However, the issue is that Azure AD B2C custom policies do not append this configuration when building the Google OAuth2 request. Is this a bug in Azure AD B2C?

Wichai Damalee 0

AdditionalRequestQueryParameters	=>	Extra request query parameters. For example, you may want to send extra parameters to your identity provider. You can include multiple parameters using comma delimiter.

Navya 19,795 Reputation points Microsoft External Staff Moderator

2024-11-29T20:09:09.9633333+00:00

Hi Wichai Damalee

Based on the information you provided; it seems that the issue is that Azure AD B2C custom policies do not append the "prompt=select_account" configuration when building the Google OAuth2 request.

Can you collect a network trace when perform the request and send us an email on azcommunity [at] microsoft [dot] com with Sub - "ATTN: Navya" https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-troubleshoot-network-trace

Share via

Issue with prompt=select_account Parameter in Google OAuth2 Integration

1 answer

Your answer