Why does Live connect always prompts for giving consent?

Question

I want to authorize my users with Windows Live. I use the windows Live Connect 5.0 SDK for this. I am using a WPF WebBroser control to get a token but it always prompts for consent.

I let the webbrowser navigate to the following link:

https://oauth.live.com/authorize?client_id=CLIENT_ID&response_type=token&scope=wl.signin%20wl.basic&redirect_uri=https://oauth.live.com/desktop

with the client id as my application id. And I watch for navigation to the redirect url. I mostly don't need to login. But each time I need to give Consent for the two scopes.

The weird thing is, that when I look in to the app's I have given Consent both scopes are checked.

Also when I use another url for silent logging in:

https://oauth.live.com/authorize?client_id=CLIENT_ID&response_type=token&scope=wl.signin%20wl.basic&redirect_uri=https://oauth.live.com/desktop&display=none

I get an error that the user hasn't given consent for wl.signin and wl.basic.

Answer 1

Unlike Facebook's OAuth implementation checking the checkbox will not remember consent on the WL server, but rather give you long lived refresh token which you can exchange for access token.

Flow:

• if have refresh token saved - try to get access token based on refresh one ( http://msdn.microsoft.com/en-us/library/ff752395.aspx ), otherwise:
• show consent dialog
• get access and refresh tokens ( http://msdn.microsoft.com/en-us/library/ff750952.aspx )
• save refresh token securely on your server - the refresh token is close equialent of enencrypted user name+password. If you can't store securely you have to live with consent dialog.