Allow Setting Additional Parameters on OAuth URLs Dynamically

[stephanrenggli]

Is your feature request related to a problem? Please describe.

I would like to add things like login_hint to the OAuth url dynamically. Like this I could set login_hint to the email of the user currently trying to authenticate.

This issue #5232 already describes the issue pretty well, especially the last comment regarding dynamic parameter values.

In my use case, I need a standard Authentik login where the user is prompted for their username or email. A policy would then check the domain of the username and, based on that, either redirect to Google SSO or use the local database. However, with static parameters, I cannot set the login_hint dynamically, as it should be the email entered in the initial Authentik form.

Describe the solution you'd like

I would like a way to set arbitrary additional OAuth parameters and be able to use dynamic values from flows such as email, username, etc.

Describe alternatives you've considered

It works fine without login_hint but it would be an improvement for end users as they don't have to enter their email twice - once in authentik and then again at the social login provider (Google/Discord/Gitlab etc.).

Additional context
Add any other context or screenshots about the feature request here.

[HNicolas]

I have the same use, I would like to redirect my users to the correct source based on their email.
It would be nice if we could add the login_hint parameter so the user doesn't have to reenter his email.

[jrndberg]

+1

[TykanN]

Any update? In my case, prompt=select_account parameter should be added in Google OAuth Authorization URL.