We’re integrating the GitLab service on our platform so that our users can sign in to their GitLab account through the OAuth 2.0 flow.
But things get complicated in the following case:
Step 1: Redirected to the GitLab page to allow access from our service.
Step 2: The user selects “sign in with Google”
Step 3: The user chooses a Google account that has not been signed up for GitLab.
-> If the user’s starting point were from the GitLab site, they would be prompted to allow access to their Google account.
However, in the case the user starts sign-in from our service, they’re redirected to our service without going through the consent page. Although an access token is successfully issued, a subsequent API request for getting user information from the GitLab account fails with a 403 error because the user has never approved access to the selected Google account.
Is there any solution to cope with this?