Page MenuHomePhabricator
Create Task
Maniphest T5591

Add default domain to Google auth
Open, NormalPublic
Actions

Description

When a user connects with Google OAuth and has several Google accounts, it would be nice to help them select the correct account by telling google which domain we expect the account to reside on.

Google supports an hd parameter under OAuth1 to select a default domain. This parameter is not documented (at least, anywhere that I can find) for OAuth2, but maybe it still works:

  • Figure out if hd works for OAuth2.
  • If it doesn't, try to find some equivalent.
  • If we come up with something, let users configure it in Auth > Google.

Related Objects

Event Timeline

epriestley created this task.Jul 10 2014, 1:47 PM
epriestley claimed this task.
epriestley raised the priority of this task from to Normal.
epriestley updated the task description. (Show Details)
epriestley added a project: Auth.
epriestley added subscribers: epriestley, zeeg.
zeeg added a comment.Jul 10 2014, 6:37 PM

hd works for OAuth2 FWIW:

https://github.com/dropbox/changes/commit/42c5dcddb86bb0830a6805d987ce517dab987e20

epriestley added a comment.Jul 10 2014, 6:42 PM

Ah, nice.

epriestley merged a task: T9040: Google SSO fails if `auth.email-domains` is set and you're not logged into the correct Google account.Aug 3 2015, 2:19 AM
epriestley added subscribers: angie, jhurwitz.
jhurwitz added a project: Restricted Project.Aug 3 2015, 2:20 AM
epriestley added a comment.Sep 9 2015, 11:27 PM

This is straightforward and probably <1 hour of work. It can be squeezed in if approved for prioritization.

angie moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Sep 10 2015, 5:18 PM
epriestley mentioned this in T9972: Profile image from Google not being picked up.Dec 12 2015, 3:53 PM

The onscreen instructions for this adapter in the UI are also a bit out of date because the Google console has been updated since we wrote them. This is probably the next change to touch the provider, and should also look at modernizing the instructions.

joshuaspence added a subscriber: joshuaspence.Dec 12 2015, 11:11 PM
eadler added a project: Restricted Project.Aug 5 2016, 5:23 PM
Herald added a subscriber: eadler. · View Herald TranscriptAug 5 2016, 5:23 PM
epriestley moved this task from Backlog to Next on the Auth board.Jan 3 2019, 7:25 PM
Herald added a subscriber: alexmv. · View Herald TranscriptJan 3 2019, 7:25 PM
epriestley added a comment.Jan 3 2019, 7:25 PM

Since T13227 has an actual realtime deadline, that's probably a good time to take care of this, too.

epriestley mentioned this in D20015: Adjust Google Auth Adapter to use Open ID Connect.Jan 23 2019, 11:29 AM
alexmv removed a subscriber: alexmv.Mar 31 2019, 10:15 PM
epriestley added a comment.Feb 24 2020, 9:20 PM

As of early 2020, this change works:

   public function getExtraAuthenticateParameters() {
     return array(
       'response_type' => 'code',
+      'hd' => 'epriestley.com',
     );
   }

So this is just an issue of adding a UI control.

Herald added a subscriber: amckinley. · View Herald TranscriptFeb 24 2020, 9:20 PM
Phabricator · Built by Phacility