In oauth authorization URL, force showing of the login form

#1

Hi.

Thanks for exposing us the API to work with Asana!

I have a question. If some user is already logged in at Asana, redirecting them to https://app.asana.com/-/oauth_authorize just makes Asana to silently create a Code and send it back to redirect_uri.

Is there some parameter for oauth_authorize to force Asana to show login screen (or some confirmation screen) in ALL cases to give the user a chance to double-check that they’re connecting the right account (and possibly connect another one)?

Other services support such things: e.g. in Google OAuth it’s enough to pass prompt=consent, and boom, the consent screen (with list of permissions granted etc.) is shown every time. Also GitHub shows the window with the user’s name; Dropbox] shows a window where the user chooses, which account they want to connect, etc.

2 Likes
#2

Hi @Dimitri_Ko, Asana’s OAuth flow does indeed have a parameter for this: display_ui. If your app redirects the user to Asana’s authorization endpoint and includes display_ui=always in the URL parameters, the user will be shown the authorization dialog even if they have previously authorized the app.

3 Likes