How can I prevent google login to automatically login with the latest chosen account?
I would like to have the option to choose which google account to sign in/up with
2 Replies
Hi @Gus. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Based on the knowledge sources provided, there isn't specific information about preventing Google login from automatically using the last chosen account in Wasp. This behavior is typically controlled by Google's authentication system rather than Wasp itself.
Wasp provides integration with Google authentication through its social auth methods, but the documentation doesn't mention configuration options for controlling the Google account selection behavior.
What Wasp does offer is the ability to customize the authentication flow through the
configFn option, which might potentially be used to modify how the Google authentication behaves, but there are no explicit examples of using this to force the account selection dialog.
If you need more control over the Google authentication process, you might want to:
1. Check if there are any Google OAuth specific parameters that can be passed through Wasp's configuration
2. Consider implementing a custom authentication flow if the default behavior doesn't meet your requirements
For more details about Google authentication in Wasp, you can refer to the Google social auth documentation, though it doesn't specifically address your question about account selection.
I recommend asking this question in the Wasp Discord community where the developers might be able to provide more specific guidance on this use case.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Gus, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?@Gus I think this is more of a Google Oauth scope than WASP, I could be wrong, but from all of the Google services I use.. the only time I have the chance to choose which account to "sign in" w/ Google auth, is when I'm signed out of my google account / my Google session has expired.
I have this issue all the time when sharing access restricted Google sheets w/ clients who have multiple Gaccounts in their browser.
They complain that they can't access the resources and I have to explain they'll need to make sure they're not signed into any other accounts/if they are, they need to change the browser profile to the Gaccount with access.
I had this exact issue when building a Google Workspace Marketplace plugin in the past too.. while there was no "login" page for the plugin, setting the scope & google Oauth config was very much the same. The plugin sometimes wouldn't work/show up in the Google sheet if the user was signed into more than one google account at a time, depending on what account Google detected as the currently signed in "default" account for Oauth.
Same deal, had to explain to end-users to make sure they've signed out of any other account prior to using the plugin if they're getting 403 issues/the plugin disappears.
If I'm wrong, pls let me know!
Would be cool, as a workaround to solve this UX issue, if a user could authenticate multiple Google accounts to the same user entity for the WASP webapp auth, but this would probably require extensive reworking of how WASP's pre-build Auth works, as well as non trivial changes to the user dashboard, sign in screen, account creation screen. Also have the issue of figuring out how to attribute a new Gaccount w/ an existing user..
would likely need to require a user to register with a phone number + email in the registration screen THEN give them the option to create the account w/ a password OR sign-in with Google.
Then for any subsequent logins, the first step for the user would always be for the user to enter their phone number/email AND then:
-> check for existing Google auth
--> if true and user is signed into the correct account = successful login.
--> if true and user is NOT signed into the correct account = allow them to use their existing Gauth account OR associate a new Gaccount w/ their user, however, you'd then need to send 2fa confirmation link to the original phone number/email prior to new Gaccount association = success, lest anyone could just register auth to an existing account.
One consideration I'd definitely make when designing this process is ensuring account enumeration can't be achieved through any of the dialogue in the login process.
IMO, it's more work than it's worth, but would be super cool!