Description
Is your feature request related to a problem? Please describe.
If OAuth login is restricted to a single domain, the OAuth login prompt should pre-populate that domain to make it clear only accounts within the domain are allowed.
Describe the solution you'd like
Some OAuth providers, like Google's, have additional query string parameters that can be set to pre-populate parts of the login form, like the domain. In Google's case, adding hd=example.com to the redirect authorization URL will pre-populate the login form with the domain provided.
Note: this is not strongly enforced and not a security control. This is an ease-of-use enhancement and makes it clearer to the user that they should use an account within the provided domain to log in.
I am proposing that there be a provider-agnostic way to add or override the URL parameters for OAuth providers so that additional parameters such as hd or login_hint can be used.
Alternatively, a per-provider option could be added that can manually set these settings if the provider supports it.
Describe alternatives you've considered
NA
Additional context
This is what the Google OAuth login form would look like with hd=example.com added to the querystring:
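Added example, not part of the issue and not the project's code: a sketch of the provider-agnostic extra-parameter merge proposed above, paired with the server-side `hd` claim check that does the actual enforcement, since the URL hint is not a security control. The function names, the protected-parameter list, and the sample URL are assumptions made for illustration; `claims` is assumed to come from an ID token whose signature has already been verified.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: parameters the OAuth flow itself depends on; operator-configured
# extras may add hints such as hd or login_hint but must not replace these.
PROTECTED = {"client_id", "redirect_uri", "response_type", "state",
             "nonce", "code_challenge", "code_challenge_method"}

def with_extra_params(auth_url, extra):
    """Add or override query parameters on an authorization URL."""
    clash = PROTECTED & set(extra)
    if clash:
        raise ValueError(f"refusing to override protocol parameters: {sorted(clash)}")
    parts = urlsplit(auth_url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    query.update(extra)  # new keys are added, existing hints are overridden
    return urlunsplit(parts._replace(query=urlencode(query)))

def domain_allowed(claims, allowed_domain):
    """Enforce the domain restriction on verified ID token claims.

    The hd URL parameter only pre-fills the login form; a user can still pick
    another account, so the hd claim in the returned token must be checked.
    """
    hd = claims.get("hd")
    return isinstance(hd, str) and hd.lower() == allowed_domain.lower()

# Constructed sample authorization URL (client id, state and callback are made up).
AUTH_URL = ("https://accounts.google.com/o/oauth2/v2/auth"
            "?client_id=constructed-client-id"
            "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback"
            "&response_type=code&scope=openid+email&state=constructed-state")

if __name__ == "__main__":
    print(with_extra_params(AUTH_URL, {"hd": "example.com"}))
    # Constructed claims: a hosted-domain account and a consumer account without hd.
    print(domain_allowed({"email": "a@example.com", "hd": "example.com"}, "example.com"))
    print(domain_allowed({"email": "a@gmail.com"}, "example.com"))
```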
