aspnet
diff --git a/‎src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs‎
Lines changed: 5 additions & 3 deletions b/‎src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs‎
Lines changed: 7 additions & 1 deletion b/‎test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs‎
Lines changed: 7 additions & 1 deletion
@@ -87,18 +87,20 @@ protected override async Task<AuthenticationTicket> CreateTicketAsync(
  // TODO: Abstract this properties override pattern into the base class?
  protected override string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
  {
- var scope = FormatScope();
+ // Google Identity Platform Manual:
+ // https://developers.google.com/identity/protocols/OAuth2WebServer
 
  var queryStrings = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
  queryStrings.Add("response_type", "code");
  queryStrings.Add("client_id", Options.ClientId);
  queryStrings.Add("redirect_uri", redirectUri);
 
- AddQueryString(queryStrings, properties, "scope", scope);
-
+ AddQueryString(queryStrings, properties, "scope", FormatScope());
  AddQueryString(queryStrings, properties, "access_type", Options.AccessType);
  AddQueryString(queryStrings, properties, "approval_prompt");
+ AddQueryString(queryStrings, properties, "prompt");
  AddQueryString(queryStrings, properties, "login_hint");
+ AddQueryString(queryStrings, properties, "include_granted_scopes");
 
  var state = Options.StateDataFormat.Protect(properties);
  queryStrings.Add("state", state);
 
@@ -43,8 +43,10 @@ public async Task ChallengeWillTriggerRedirection()
  Assert.Contains("&state=", location);
 
  Assert.DoesNotContain("access_type=", location);
+ Assert.DoesNotContain("prompt=", location);
  Assert.DoesNotContain("approval_prompt=", location);
  Assert.DoesNotContain("login_hint=", location);
+ Assert.DoesNotContain("include_granted_scopes=", location);
  }
 
  [Fact]
@@ -177,7 +179,9 @@ public async Task ChallengeWillUseAuthenticationPropertiesAsParameters()
  { "scope", "https://www.googleapis.com/auth/plus.login" },
  { "access_type", "offline" },
  { "approval_prompt", "force" },
- { "login_hint", "test@example.com" }
+ { "prompt", "consent" },
+ { "login_hint", "test@example.com" },
+ { "include_granted_scopes", "false" }
  }));
  }
 
@@ -189,6 +193,8 @@ public async Task ChallengeWillUseAuthenticationPropertiesAsParameters()
  Assert.Contains("scope=" + UrlEncoder.Default.Encode("https://www.googleapis.com/auth/plus.login"), query);
  Assert.Contains("access_type=offline", query);
  Assert.Contains("approval_prompt=force", query);
+ Assert.Contains("prompt=consent", query);
+ Assert.Contains("include_granted_scopes=false", query);
  Assert.Contains("login_hint=" + UrlEncoder.Default.Encode("test@example.com"), query);
  }