Thanks for exposing us the API to work with Asana!
I have a question. If some user is already logged in at Asana, redirecting them to https://app.asana.com/-/oauth_authorize just makes Asana to silently create a Code and send it back to redirect_uri.
Is there some parameter for oauth_authorize to force Asana to show login screen (or some confirmation screen) in ALL cases to give the user a chance to double-check that they’re connecting the right account (and possibly connect another one)?
Other services support such things: e.g. in Google OAuth it’s enough to pass prompt=consent, and boom, the consent screen (with list of permissions granted etc.) is shown every time. Also GitHub shows the window with the user’s name; Dropbox] shows a window where the user chooses, which account they want to connect, etc.