OAuth Flow `prompt` Parameter Should Be Configurable

[rithuraj-techolution]

Bug Report: OAuth Flow prompt Parameter Should Be Configurable

---

Describe the bug

In the current OAuth flow, the prompt parameter is hardcoded to consent.
This should instead be configurable and taken as input from the user (or application context).

Reason: Some permissions are granted at the application level, while individual users may not have those permissions. In such cases, users are unnecessarily redirected to the consent page. Ideally, they should be silently authenticated (prompt=none) when possible to ensure a smoother authentication experience.

---

To Reproduce

Steps to reproduce the behavior:

1. Create an SPN on Microsoft Azure and set up an OAuth flow for SharePoint.
2. Grant Sites.Read.All permission from the Admin account to the application (Application Permission, not Delegated Permission).
3. As a normal user, try using this Agent with the SharePoint Connector.
4. The user is asked for admin access each time, because prompt=consent is appended to the URL.

---

Expected behavior

• The prompt query parameter should be configurable when setting up authentication for the tool.

• Since this value is hardcoded in AuthHandler, scenarios like the one described become difficult to handle.

• Expected behavior:

  • Allow silent authentication (prompt=none) when possible.
  • Redirect to consent screen only if explicitly required.

---

Desktop (please complete the following information):

• OS: macOS
• Python version: 3.13.3
• ADK version: 1.15.0

---

Model Information

• Using LiteLLM: No
• Model: gemini-2.5-flash

---

Additional context

• If prompt=none is set manually, the following error occurs:

  Auth Code not found

• The parsing of the Auth Code returns null. While the code can be parsed from the URL, there may be a cleaner and more reliable way to handle this.

---

✅ Proposed Fix:

• Make the prompt parameter configurable in AuthHandler.
• Provide options like consent, none, login based on user/application context.
• Ensure Auth Code parsing works correctly even when prompt=none is used.

[babeal]

We are running into the same issue and came here to +1. This doesn't just apply to application permissions but also delegated permissions that require admin consent that have been granted by an admin to the OAUTH client on behalf of the organization. Because prompt=consent is hardcoded in its authentication request, Entra ID will always display the consent prompt overriding any existing consent status, and the user will be unable to consent because they aren't an admin.

[diabllos]

Same thing here, for test we just have changed it to none. However without this, we won't be able to go into prod with it. +1

[BoyuanZhangDE]

@boyangsvl May I know if this still help wanted & could I take it?

[boyangsvl]

@boyangsvl May I know if this still help wanted & could I take it?

I have assigned to you. Thanks for the help and sorry about the delay.

[BoyuanZhangDE]

@boyangsvl May I know if this still help wanted & could I take it?

I have assigned to you. Thanks for the help and sorry about the delay.

Not a problem & Thanks for the assignment! let me start working on this.