I am using OAuth 2.0 with scope plus.login.
To handle multiple input, I would like to use the login_hint parameter. The request looks like:
https://accounts.google.com/o/oauth2/auth?
redirect_uri=https://developers.google.com/oauthplayground&
response_type=code&
client_id=407408718192.apps.googleusercontent.com&
scope=https://www.googleapis.com/auth/plus.login&
login_hint=user@gmail.com
It works in most cases, but I run into a problem in a very specific situation:
if the account indicated by the symbol login_hint is
- currently signed in but
- not the main account, but
- not updated to Google+
the user is redirected, as expected, to the Google+ update form, but after a short period of time is redirected again, to the page Error 400 Unauthorized request.
Is this the expected behavior?
https://plus.google.com/up?continue=...
https://plus.google.com/u/$i/up?continue=...