When is access_type = Online appropriate? :OAuth2 - Google API

Question

When requesting OAuth credentials, I can specify the access_type to be Offline or Online.

Opting for the Online access type forces the users to approve access to my app each time they login. Why is that? Hasn't the user already approved my app?

Update #1:

I have my approval_prompt set to 'auto'.
If I just log out of Google without deleting any cookies, it doesn't prompt me again. But deleting the cookies brings back the grant screen.

Update #2:

It works fine through the OAuth Playground. http://code.google.com/oauthplayground/

Using OAuth 2.0 for Web Server Applications https://developers.google.com/accounts/docs/OAuth2WebServer

Update #3: Relevant code snippets

Helper method to generate OAuth URL

def build_auth_uri
    return @client.authorization.authorization_uri(
     :access_type => :online,
     :approval_prompt => :auto
    ).to_s 
end

Calling the Helper method in the View

<a href="<%= build_auth_uri %>">  Connect Me! </a>

Generated OAuth URL on the webpage

https://accounts.google.com/o/oauth2/auth?access_type=online&approval_prompt=auto&redirect_uri=http://localhost:3000/gclient/gcallback&response_type=code

Answer 1

There is one other parameter that comes into play in these flows and I suspect you're running into it. It's the approval_prompt parameter.

When access_type=online you are also allowed to specify a value for approval_prompt. If it is set to approval_prompt=force, your user will always be prompted, even if they have already granted.

On the other hand, when access_type=offline, approval_prompt can only be set to approval_prompt=force, but to make up for this restriction you're also provided a refresh_token which you can use to refresh your access token.

Check the URL that your access_type=online is opening. Try setting approval_prompt=auto. The grant screen should only appear the first time.