fix(oauth): stop forcing prompt=consent on non-Google providers

The base OAuth provider hardcoded prompt=consent and access_type=offline
on every authorize URL. Both are Google-specific: prompt=consent caused
GitHub, Microsoft, Discord, GitLab, Apple, and X to re-show their
authorization screen on every sign-in, and access_type=offline was
silently ignored by every non-Google provider.

Move both params into Google's authorizationExtraParams so Google's
behavior is unchanged (refresh token still reliably issued via
prompt=consent + access_type=offline), and let other providers fall
back to standard OAuth behavior: consent only on first authorization,
new scopes, or after the user revokes the grant.

Update the Spotify e2e snapshot to drop the now-absent params.

Author: alvgaona

apps/backend/src/oauth/providers/base.tsx

@@ -204,8 +204,6 @@ export abstract class OAuthBaseProvider {
       }),
       state: options.state,
       response_type: "code",
-      access_type: "offline",
-      prompt: "consent",
       ...this.authorizationExtraParams,
     });
   }

apps/backend/src/oauth/providers/google.tsx

@@ -24,6 +24,7 @@ export class GoogleProvider extends OAuthBaseProvider {
       baseScope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile",
       authorizationExtraParams: {
         prompt: "consent",
+        access_type: "offline",
         include_granted_scopes: "true",
       },
       ...options,

apps/e2e/tests/backend/endpoints/api/v1/auth/oauth/authorize.test.ts

@@ -44,7 +44,7 @@ it("should redirect the user to the OAuth provider with the right arguments even
   expect(response.authorizeResponse.status).toBe(307);
   const secondLocation = response.authorizeResponse.headers.get("location");
   expect(secondLocation).toBeTruthy();
-  expect(secondLocation).toMatchInlineSnapshot(`"http://localhost:<$NEXT_PUBLIC_STACK_PORT_PREFIX>14/auth?client_id=spotify&scope=openid+offline_access&response_type=code&redirect_uri=%3Cstripped+query+param%3E&code_challenge_method=S256&code_challenge=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E&access_type=offline&prompt=consent"`);
+  expect(secondLocation).toMatchInlineSnapshot(`"http://localhost:<$NEXT_PUBLIC_STACK_PORT_PREFIX>14/auth?client_id=spotify&scope=openid+offline_access&response_type=code&redirect_uri=%3Cstripped+query+param%3E&code_challenge_method=S256&code_challenge=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E"`);
   expect(response.authorizeResponse.headers.get("set-cookie")).toMatch(/^stack-oauth-inner-[^;]+=[^;]+; Path=\/; Expires=[^;]+; Max-Age=\d+;( Secure;)? HttpOnly$/);
 });
 
@@ -59,7 +59,7 @@ it("should return the OAuth location as JSON when requested by the SDK flow", as
   expect(response).toMatchInlineSnapshot(`
     NiceResponse {
       "status": 200,
-      "body": { "location": "http://localhost:<$NEXT_PUBLIC_STACK_PORT_PREFIX>14/auth?client_id=spotify&scope=openid+offline_access&response_type=code&redirect_uri=%3Cstripped+query+param%3E&code_challenge_method=S256&code_challenge=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E&access_type=offline&prompt=consent" },
+      "body": { "location": "http://localhost:<$NEXT_PUBLIC_STACK_PORT_PREFIX>14/auth?client_id=spotify&scope=openid+offline_access&response_type=code&redirect_uri=%3Cstripped+query+param%3E&code_challenge_method=S256&code_challenge=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E" },
       "headers": Headers { <some fields may have been hidden> },
     }
   `);