3. Complete the form. Set the application type to `Web application`. Applications that use languages and frameworks like PHP, Java, Python, Ruby, and .NET must specify authorized **redirect URIs**. The redirect URIs are the endpoints to which the OAuth 2.0 server can send responses.
26
-
27
-
For testing, you can specify URIs that refer to the local machine, such as `http://localhost:8080`. With that in mind, please note that all of the examples in this document use `http://localhost:8080` as the redirect URI.
28
-
25
+
3. Complete the form. Set the application type to `Web application`. Applications that use languages and frameworks like PHP, Java, Python, Ruby, and .NET must specify authorized **redirect URIs**. The redirect URIs are the endpoints to which the OAuth 2.0 server can send responses.
26
+
27
+
For testing, you can specify URIs that refer to the local machine, such as `http://localhost:8080`. With that in mind, please note that all of the examples in this document use `http://localhost:8080` as the redirect URI.
28
+
29
29
We recommend that you design your app's auth endpoints so that your application does not expose authorization codes to other resources on the page.
30
30
31
31
After creating your credentials, download the **client_secret.json** file from the API Console. Securely store the file in a location that only your application can access.
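Review bot: the `-` and `+` lines of this hunk (lines 26-28) carry identical text, so the change is whitespace only; if it de-indents the "For testing, you can specify URIs..." paragraph out of list item 3, rendered Markdown will close the list there and the next numbered item will restart at 1, so please confirm the indentation is intended. While the block is open, the recommendation at line 30 not to expose authorization codes to other resources on the page would read better with a pointer to the "Important" note under "An authorization code response" further down, which explains the `Referer` leak and the handle-then-redirect mitigation.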
@@ -56,7 +56,7 @@ To run the PHP code samples in this document, you'll need:
56
56
```sh
57
57
php composer.phar require google/apiclient:^2.0
58
58
```
59
-
59
+
60
60
## Obtaining OAuth 2.0 access tokens
61
61
62
62
The following steps show how your application interacts with Google's OAuth 2.0 server to obtain a user's consent to perform an API request on the user's behalf. Your application must have that consent before it can execute a Google API request that requires user authorization.
**Required**. Determines where the API server redirects the user after the user completes the authorization flow. The value must exactly match one of the authorized redirect URIs for the OAuth 2.0 client, which you configured in the [API Console](https://console.developers.google.com/). If this value doesn't match an authorized URI, you will get a 'redirect_uri_mismatch' error. Note that the `http` or `https` scheme, case, and trailing slash ('`/`') must all match.
107
-
106
+
**Required**. Determines where the API server redirects the user after the user completes the authorization flow. The value must exactly match one of the authorized redirect URIs for the OAuth 2.0 client, which you configured in the [API Console](https://console.developers.google.com/). If this value doesn't match an authorized URI, you will get a 'redirect_uri_mismatch' error. Note that the `http` or `https` scheme, case, and trailing slash ('`/`') must all match.
107
+
108
108
To set this value in PHP, call the `setRedirectUri` function. Note that you must specify a valid redirect URI for your API Console project.
**Required**. A space-delimited list of scopes that identify the resources that your application could access on the user's behalf. These values inform the consent screen that Google displays to the user.
117
-
116
+
**Required**. A space-delimited list of scopes that identify the resources that your application could access on the user's behalf. These values inform the consent screen that Google displays to the user.
117
+
118
118
Scopes enable your application to only request access to the resources that it needs while also enabling users to control the amount of access that they grant to your application. Thus, there is an inverse relationship between the number of scopes requested and the likelihood of obtaining user consent. To set this value in PHP, call the `addScope` function:
The [OAuth 2.0 API Scopes](https://developers.google.com/identity/protocols/googlescopes) document provides a full list of scopes that you might use to access Google APIs.
125
-
124
+
The [OAuth 2.0 API Scopes](https://developers.google.com/identity/protocols/googlescopes) document provides a full list of scopes that you might use to access Google APIs.
125
+
126
126
We recommend that your application request access to authorization scopes in context whenever possible. By requesting access to user data in context, via [incremental authorization](#Incremental-authorization), you help users to more easily understand why your application needs the access it is requesting.
127
127
128
128
##### `access_type`
129
129
130
-
**Recommended**. Indicates whether your application can refresh access tokens when the user is not present at the browser. Valid parameter values are `online`, which is the default value, and `offline`.
131
-
132
-
Set the value to `offline` if your application needs to refresh access tokens when the user is not present at the browser. This is the method of refreshing access tokens described later in this document. This value instructs the Google authorization server to return a refresh token _and_ an access token the first time that your application exchanges an authorization code for tokens.
133
-
130
+
**Recommended**. Indicates whether your application can refresh access tokens when the user is not present at the browser. Valid parameter values are `online`, which is the default value, and `offline`.
131
+
132
+
Set the value to `offline` if your application needs to refresh access tokens when the user is not present at the browser. This is the method of refreshing access tokens described later in this document. This value instructs the Google authorization server to return a refresh token _and_ an access token the first time that your application exchanges an authorization code for tokens.
133
+
134
134
To set this value in PHP, call the `setAccessType` function:
**Recommended**. Specifies any string value that your application uses to maintain state between your authorization request and the authorization server's response. The server returns the exact value that you send as a `name=value` pair in the hash (`#`) fragment of the `redirect_uri` after the user consents to or denies your application's access request.
143
-
144
-
You can use this parameter for several purposes, such as directing the user to the correct resource in your application, sending nonces, and mitigating cross-site request forgery. Since your `redirect_uri` can be guessed, using a `state` value can increase your assurance that an incoming connection is the result of an authentication request. If you generate a random string or encode the hash of a cookie or another value that captures the client's state, you can validate the response to additionally ensure that the request and response originated in the same browser, providing protection against attacks such as cross-site request forgery. See the [OpenID Connect](https://developers.google.com/identity/protocols/OpenIDConnect#createxsrftoken) documentation for an example of how to create and confirm a `state` token.
145
-
142
+
**Recommended**. Specifies any string value that your application uses to maintain state between your authorization request and the authorization server's response. The server returns the exact value that you send as a `name=value` pair in the hash (`#`) fragment of the `redirect_uri` after the user consents to or denies your application's access request.
143
+
144
+
You can use this parameter for several purposes, such as directing the user to the correct resource in your application, sending nonces, and mitigating cross-site request forgery. Since your `redirect_uri` can be guessed, using a `state` value can increase your assurance that an incoming connection is the result of an authentication request. If you generate a random string or encode the hash of a cookie or another value that captures the client's state, you can validate the response to additionally ensure that the request and response originated in the same browser, providing protection against attacks such as cross-site request forgery. See the [OpenID Connect](https://developers.google.com/identity/protocols/OpenIDConnect#createxsrftoken) documentation for an example of how to create and confirm a `state` token.
145
+
146
146
To set this value in PHP, call the `setState` function:
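Review bot: the `state` description carried over at line 142 says the server returns `state` in the hash (`#`) fragment of the `redirect_uri`. For the authorization-code (web server) flow this document covers, `code` and `state` come back as query-string parameters on the redirect, for example `http://localhost:8080/?code=...&state=...`; the fragment form belongs to the implicit (client-side) flow. This matters for the PHP samples, since server-side code reading `$_GET['state']` never sees a fragment. Suggest rewording to "in the query string of the `redirect_uri`" and, in the paragraph at line 144, adding that the value should be unguessable, stored server-side (session), compared on return and invalidated after one use, otherwise it does not actually mitigate CSRF.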
**Optional**. Enables applications to use incremental authorization to request access to additional scopes in context. If you set this parameter's value to `true` and the authorization request is granted, then the new access token will also cover any scopes to which the user previously granted the application access. See the [incremental authorization](#Incremental-authorization) section for examples.
155
-
154
+
**Optional**. Enables applications to use incremental authorization to request access to additional scopes in context. If you set this parameter's value to `true` and the authorization request is granted, then the new access token will also cover any scopes to which the user previously granted the application access. See the [incremental authorization](#Incremental-authorization) section for examples.
155
+
156
156
To set this value in PHP, call the `setIncludeGrantedScopes` function:
**Optional**. If your application knows which user is trying to authenticate, it can use this parameter to provide a hint to the Google Authentication Server. The server uses the hint to simplify the login flow either by prefilling the email field in the sign-in form or by selecting the appropriate multi-login session.
165
-
166
-
Set the parameter value to an email address or `sub` identifier, which is equivalent to the user's Google ID.
167
-
164
+
**Optional**. If your application knows which user is trying to authenticate, it can use this parameter to provide a hint to the Google Authentication Server. The server uses the hint to simplify the login flow either by prefilling the email field in the sign-in form or by selecting the appropriate multi-login session.
165
+
166
+
Set the parameter value to an email address or `sub` identifier, which is equivalent to the user's Google ID.
167
+
168
168
To set this value in PHP, call the `setLoginHint` function:
**Optional**. A space-delimited, case-sensitive list of prompts to present the user. If you don't specify this parameter, the user will be prompted only the first time your app requests access.
177
-
176
+
**Optional**. A space-delimited, case-sensitive list of prompts to present the user. If you don't specify this parameter, the user will be prompted only the first time your app requests access.
177
+
178
178
To set this value in PHP, call the `setApprovalPrompt` function:
179
179
180
180
```php
181
-
$client->setApprovalPrompt('consent');
181
+
$client->setPrompt('consent');
182
182
```
183
183
184
184
Possible values are:
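Review bot: line 181 changes the sample to `$client->setPrompt('consent');` but the lead-in at line 178 still says "call the `setApprovalPrompt` function". Update the prose to `setPrompt` in the same change: in the PHP client `setApprovalPrompt` sets the legacy `approval_prompt` query parameter (values `auto`/`force`), whereas `setPrompt` sets `prompt`, which is the parameter this section documents and the one that accepts `consent` and the other values listed under "Possible values are:". Leaving the old method name in the prose sends readers to a method that does not take `consent`.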
@@ -200,16 +200,16 @@ Prompt the user to select an account.
200
200
Redirect the user to Google's OAuth 2.0 server to initiate the authentication and authorization process. Typically, this occurs when your application first needs to access the user's data. In the case of [incremental authorization](#incremental-authorization), this step also occurs when your application first needs to access additional resources that it does not yet have permission to access.
201
201
202
202
1. Generate a URL to request access from Google's OAuth 2.0 server:
Google's OAuth 2.0 server authenticates the user and obtains consent from the user for your application to access the requested scopes. The response is sent back to your application using the redirect URL you specified.
215
215
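Review bot: the context line at 200 links to `#incremental-authorization` (lower case) while lines 126 and 154 link to `#Incremental-authorization`. GitHub generates heading anchors in lower case, so the capitalised form will not resolve; normalise all three to `#incremental-authorization` while the file is being touched.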
@@ -233,7 +233,7 @@ An authorization code response:
> **Important**: If your response endpoint renders an HTML page, any resources on that page will be able to see the authorization code in the URL. Scripts can read the URL directly, and the URL in the `Referer` HTTP header may be sent to any or all resources on the page.
236
+
> **Important**: If your response endpoint renders an HTML page, any resources on that page will be able to see the authorization code in the URL. Scripts can read the URL directly, and the URL in the `Referer` HTTP header may be sent to any or all resources on the page.
237
237
>
238
238
> Carefully consider whether you want to send authorization credentials to all resources on that page (especially third-party scripts such as social plugins and analytics). To avoid this issue, we recommend that the server first handle the request, then redirect to another URL that doesn't include the response parameters.
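Review bot: the re-added "Important" note at line 236 is textually identical to the removed one, so this hunk is whitespace only, but the advice itself could be tightened while it is here. Handle-then-redirect at line 238 is the right primary mitigation; as defence in depth, the response endpoint should also send `Referrer-Policy: no-referrer` (or `strict-origin`) so the URL containing `code` and `state` is not forwarded in the `Referer` header even if an HTML page is rendered by mistake, and the `state` check should run before anything else so a forged callback is rejected before the code is exchanged.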
Use the access token to call Google APIs by completing the following steps:
277
277
278
278
1. If you need to apply an access token to a new `Google_Client` object—for example, if you stored the access token in a user session—use the `setAccessToken` method:
279
-
279
+
280
280
```php
281
281
$client->setAccessToken($access_token);
282
282
```
283
-
283
+
284
284
2. Build a service object for the API that you want to call. You build a a service object by providing an authorized `Google_Client` object to the constructor for the API you want to call. For example, to call the Drive API:
285
-
285
+
286
286
```php
287
287
$drive = new Google_Service_Drive($client);
288
288
```
289
-
289
+
290
290
3. Make requests to the API service using the [interface provided by the service object](start.md). For example, to list the files in the authenticated user's Google Drive:
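Review bot: the edits in this region (lines 279, 283, 285, 289) are blank-line changes only, but two context lines deserve a fix in the same commit: line 284 has the duplicated word "a a" in "You build a a service object", and line 290 links to `start.md` by relative path, which should be checked against the actual location of that file in the docs tree. On the substance of line 278, a token restored from a user session with `setAccessToken` can already be expired; the step should tell readers to check `isAccessTokenExpired()` and, if a refresh token is stored, refresh before constructing `Google_Service_Drive`, otherwise the first API call fails with a 401.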