question

deepseed avatar image
deepseed asked deepseed commented

How to require a signin during OAuth process

My app allows a user to create connections to multiple Clover accounts (Merchant IDs) for the purpose of aggregating reports across devices/locations.

A problem occurs in the OAuth process when a user is already logged into Clover for a Merchant ID but wants to create a connection to a different Merchant ID. In this scenario, Clover does NOT prompt the user to sign in during the OAuth process. The result is a connection to the wrong Merchant ID.

Some OAuth implementations (like Google's API) support the "&prompt=login" parameter in the OAuth authorization request (/oauth/v2/authorize for Clover), which requires the user to sign in even if they already are. However, this parameter does not appear to work for Clover.

Are there any workarounds for this issue? It doesn't appear possible to "force" a Clover logout before starting the OAuth process or to initiate the OAuth process in an "Incognito" mode.

Any ideas are welcome. Thanks in advance.

OAuth
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
deepseed avatar image
deepseed answered

Another detail to add...

As a potential workaround, I asked users to log out of the Clover dashboard if they were already logged in. However, if they were not logged in, this does not work.

The only successful workaround is to ask the user to login to the Clover dashboard (if they weren't already) and then log out. The logout process seems to always force a login during the subsequent OAuth process. But an auto-logout (due to time, for example) is not sufficient.

This is a terrible user experience. Any alternative solutions would be greatly appreciated.

10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

jcy avatar image
jcy answered deepseed commented

My method is to use the backend to piece together the URL, like this,


https://www.clover.com/oauth/v2/authorize?client_id=xxxxxx&redirect_uri=xxxxxx


Then use chrome to open a new incognito mode,

You will be asked to log in, then select Merchant.

Then close all the web page in incognito mode,

When opening a new one, you will be asked to log in again.

But I only have one clover account,

Not sure if it will work when using different client_id

1 comment
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

deepseed avatar image deepseed commented ·
Thank you for the response, but I'm trying to find a way to do this programmatically on the server side. I don't believe there's any way to force Incognito (or Private) mode in a browser from a back-end process. I'd love to be wrong about this.
0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community