Forcing calendy oauth consent

Question

Hi Calendly Support Team,I hope this message finds you well.I am currently integrating Calendly’s OAuth flow into my application, and I would like to ensure that the OAuth consent screen appears every time a user logs in, regardless of whether they have previously authorized the application.As per the documentation and standard OAuth practices, I’ve included the prompt=consent parameter in the authorization URL as shown below:  However, despite this, the consent screen is not being shown consistently. Instead, users are often redirected immediately without being prompted to approve permissions again.Could you please confirm:	If prompt=consent is supported by Calendly’s OAuth flow?			If there is any additional parameter or setting required to force the consent screen on every authentication attempt?	Any guidance or clarification would be greatly appreciated.Best regards,Sammy Abdulrahman

trevor.lampe · Answer

Hi Sammy,Thanks for the detailed question.What you’re trying to do is force the Calendly OAuth consent screen to appear on every authorization attempt, even for users who have already approved the app.Based on the current OAuth behavior, users are shown the consent screen when they first connect the app, and they are prompted again if the app later requests additional scopes. Calendly’s OAuth scope requirements also indicate there is no separate “update scopes” flow, so when additional scopes are needed the app must re-prompt through OAuth.I’m not seeing documentation that confirms support for prompt=consent as a way to force the consent screen on every login, and I’m also not seeing a documented additional parameter or setting that would require the consent screen to appear again on every authentication attempt.If a user has already authorized the app and the requested access has not changed, the current flow may redirect them without showing the consent screen again. If you need the user to review permissions again, the most reliable option today would be to revoke the existing authorization and reconnect the app. Calendly’s Connected Apps experience supports revoking an app authorization, which removes its tokens and webhooks.I hope this helps clarify the current behavior.

Sign up

Not a Calendly user yet? Head on over to Calendly.com to get started before logging into the community.

Login to the community

Not a Calendly user yet? Head on over to Calendly.com to get started before logging into the community.

Scanning file for viruses.

This file cannot be downloaded