What we're trying to do:
Get a user to log in via the authorization code grant flow to obtain their access/refresh token to get access to some of their pagerduty "workspace or team" data.
How it works right now:
To login using PagerDuty's OAuth flow, users start at this URL:
https://identity.pagerduty.com/oauth/authorize?client_id=<CLIENT_ID>&redirect_uri=<REDIRECT_URI>&scope=<SCOPES>&response_type=code
This works fine, especially if you belong to only one pagerduty workspace.
But if you belong to multiple, it's possible you may select the incorrect one by mistake.
If you wish to re-authenticate and choose a different account, the previous account selection is persisted and you're unable to choose a different one at all, since it automatically takes you to the consent screen to allow, or not.
Or if you have allowed before, that may be persisted in some form as well, and it might automatically take you all the way to the redirect_uri without your input needed. (Not exactly uncommon, we've seen this happen with other providers too)
What we've tried:
I somehow ran into the query param prompt=select_account that I could use at the end of the aforementioned URL, and this definitely has some effect.
When this is supplied, the auth flow fails with this error:
Account selection choice is required but can not be obtained.
I've randomly thrown a bunch of other values at the prompt query param to no avail.
Now, as the title states:
How do I let a user go through the OAuth flow, but be prompted to select an account every time?
