When a user is logged into one Gmail account in the browser, ChatGPT’s “Continue with Google” login automatically authenticates using that Gmail account and skips the Google account-selection flow, preventing the user from choosing a different Google account.
Steps to reproduce:
-
Log into a single Gmail account in the browser.
-
Navigate to chatgpt dot com
-
Select Log in → Continue with Google.
-
ChatGPT immediately authenticates using the active Gmail account without presenting an account chooser or confirmation.
Expected behavior:
The Google OAuth flow should always present an account chooser or explicit confirmation of which Google account will be used, regardless of existing Gmail sessions.
Observed behavior:
ChatGPT assumes the active Gmail account is the intended ChatGPT identity and completes login without user confirmation.
Impact:
-
Security: Users can unintentionally authenticate with the wrong identity.
-
Privacy: Implicit identity binding without affirmative consent.
-
Compliance: Fails enterprise and regulated-environment expectations for explicit identity selection.
-
UX: Confusing and error-prone for users with multiple Google accounts.
Notes:
This appears to be an OAuth implementation/UX issue (e.g., missing prompt=select_account). Even if Google supports session reuse, ChatGPT should not silently bind identity without explicit user intent.