Reproduction Steps:
- Generate the https://airtable.com/oauth2/v1/authorize endpoint with the expected query string parameters specified in the authorization reference
- Open an incognito browser window (In my case I used Google Chrome 64-bit Version 87.0.4280.141 on Windows) and paste the link in step 1.
- You are taken to a login prompt as expected
- Enter your email, and you are then moved to a "Verify it's you" security prompt, complete the actions
- You are then taken back to the login prompt where you can enter your password
- After entering your password, you are then redirected to the home page of the account you logged into
- In order to continue with the authorization workflow, you have to re-enter the authorization URL generated in Step 1 into the same browser window session, which then takes you to the page to verify/accept scopes and access of your OAuth 2.0 application
- Then you are redirected back to the specified redirect URI where you can complete the flow required to get an access token.
Expected
In Step 6, you should immediately be sent to the page that asks you to verify/accept scopes of your OAuth 2.0 application, instead of just taking the user to the home page of their Airtable account. The current behaviour causes problems for implementations/consumers of Airtable OAuth 2.0 that expect to be able to complete the authorization flow by only initiating the request in Step 1 once.
