From 0d636d5607465eed412a5deadcfefa04dffc13da Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Mon, 27 Nov 2023 10:56:00 +0800
Subject: [PATCH] fix(core): update google SSO connector prompt always
 select-account (#4961)

* fix(core): update google SSO connector prompt always select-account

google SSO connector prompt always select-account

* chore(core): update comment

update comment
---
 .../core/src/sso/GoogleWorkspaceSsoConnector/index.ts  | 10 +++++++++-
 packages/core/src/sso/OidcConnector/index.ts           |  4 +++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/packages/core/src/sso/GoogleWorkspaceSsoConnector/index.ts b/packages/core/src/sso/GoogleWorkspaceSsoConnector/index.ts
index 49a73b7fa..0a2b867f3 100644
--- a/packages/core/src/sso/GoogleWorkspaceSsoConnector/index.ts
+++ b/packages/core/src/sso/GoogleWorkspaceSsoConnector/index.ts
@@ -3,7 +3,7 @@ import { type SsoConnector, SsoProviderName } from '@logto/schemas';
 
 import OidcConnector from '../OidcConnector/index.js';
 import { type SingleSignOnFactory } from '../index.js';
-import { type SingleSignOn } from '../types/index.js';
+import { type CreateSingleSignOnSession, type SingleSignOn } from '../types/index.js';
 import { basicOidcConnectorConfigGuard } from '../types/oidc.js';
 
 // Google use static issue endpoint.
@@ -25,6 +25,14 @@ export class GoogleWorkspaceSsoConnector extends OidcConnector implements Single
     });
   }
 
+  // Always use select_account prompt for Google Workspace SSO.
+  override async getAuthorizationUrl(
+    payload: { state: string; redirectUri: string; connectorId: string },
+    setSession: CreateSingleSignOnSession
+  ) {
+    return super.getAuthorizationUrl(payload, setSession, 'select_account');
+  }
+
   async getConfig() {
     return this.getOidcConfig();
   }
diff --git a/packages/core/src/sso/OidcConnector/index.ts b/packages/core/src/sso/OidcConnector/index.ts
index f422a8f79..2f6eddc8e 100644
--- a/packages/core/src/sso/OidcConnector/index.ts
+++ b/packages/core/src/sso/OidcConnector/index.ts
@@ -54,7 +54,8 @@ class OidcConnector {
       redirectUri,
       connectorId,
     }: { state: string; redirectUri: string; connectorId: string },
-    setSession: CreateSingleSignOnSession
+    setSession: CreateSingleSignOnSession,
+    prompt?: 'login' | 'consent' | 'none' | 'select_account'
   ) {
     assert(
       setSession,
@@ -76,6 +77,7 @@ class OidcConnector {
         responseType: 'code',
         redirectUri,
       }),
+      ...conditional(prompt && { prompt }),
       scope: oidcConfig.scope,
     });