No prompt for re-authentication with OAUth2. Why and how to force it?

Question

I would like to understand something please. I have an application based on oAuth2 with Google Accounts.

So, teh first time I connect to this website, I am redirecte

Answer 1

It's hard to say, since it depends on what the flow was that as being executed.

Generally (with oauth) you weren't being prompted for authentication. You were being prompted for authorisation. Once you've authorised, you won't be prompted again, provided of course that the browser/google have some sort of session in existence which identifies the user.

When you say "delete my cookie", which cookie?

Yo can try going to this page https://accounts.google.com/b/0/IssuedAuthSubTokens?hl=en_GB and revoke the permission. That should then cause a repeat prompt.