Page MenuHomePhabricator

Add default domain to Google auth
Open, NormalPublic


When a user connects with Google OAuth and has several Google accounts, it would be nice to help them select the correct account by telling google which domain we expect the account to reside on.

Google supports an hd parameter under OAuth1 to select a default domain. This parameter is not documented (at least, anywhere that I can find) for OAuth2, but maybe it still works:

  • Figure out if hd works for OAuth2.
  • If it doesn't, try to find some equivalent.
  • If we come up with something, let users configure it in Auth > Google.

Event Timeline

epriestley claimed this task.
epriestley raised the priority of this task from to Normal.
epriestley updated the task description. (Show Details)
epriestley added a project: Auth.
epriestley added subscribers: epriestley, zeeg.
jhurwitz added a project: Restricted Project.Aug 3 2015, 2:20 AM

This is straightforward and probably <1 hour of work. It can be squeezed in if approved for prioritization.

angie moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Sep 10 2015, 5:18 PM

The onscreen instructions for this adapter in the UI are also a bit out of date because the Google console has been updated since we wrote them. This is probably the next change to touch the provider, and should also look at modernizing the instructions.

eadler added a project: Restricted Project.Aug 5 2016, 5:23 PM

Since T13227 has an actual realtime deadline, that's probably a good time to take care of this, too.

As of early 2020, this change works:

   public function getExtraAuthenticateParameters() {
     return array(
       'response_type' => 'code',
+      'hd' => '',

So this is just an issue of adding a UI control.