I’m developing a new application and I’m getting the “consent” screen more than once when testing locally.
My current flow is:
Try the login with none as prompt
When I get an error in the callback URL I retry the authorization with consent as prompt
However after the access token expires after 1 hour, and I login again I also have to give consent again. I can see in the bottom of the consent screen that 1 user has given consent (me). So it is stored that I already have given consent. I’m aware that I can request another access token with a refresh token, but I don’t understand why consent is asked again without changes in scopes.
Is this expected behavior? I can’t find any information about that in the docs.
It seems the implementation is slightly incorrect.
Here it looks like, on access token expiration, the user is directed to consent screen again. Ideally, once the access token is expired, you should try to get it again using refresh token. If the access token is not received using refresh token, then the user will have to go through the consent flow again.