No prompt for re-authentication with OAUth2. Why and how to force it?

Question

I would like to understand something please. I have an application based on oAuth2 with Google Accounts.

So, teh first time I connect to this website, I am redirecte

Answer 1

You can actually force re-authentication in the Google OAuth api by passing &max_auth_age=0 to the auth URL.

Source:

Use the PAPE extension for further control of user authentication (optional) Use the max_auth_age parameter in the PAPE extension to ensure that the login session of the user at Google is recent. You may also specify max_auth_age=0 to force a password reprompt.

https://developers.google.com/accounts/docs/OpenID

It's a bit confusing because they talk about OpenID, but I'm doing this successfully with Google's provided OAuth2 libs.