Google OpenID Connect


Google supports OpenID Connect and is an OpenID Connect Certified OpenID Connect Provider.

Google, as with all OpenID Connect Providers, has a few specific options that are worth noting.[1]

Authentication URI parameters

  • include_granted_scopes (true or false) - OPTIONAL parameter used for Incremental Authorization
  • hd - OPTIONAL - The hd (hosted domain) parameter streamlines the login process for G Suite hosted accounts. By including the domain of the G Suite user (for example, mycollege.edu), you can indicate that the account selection UI should be optimized for accounts at that domain. To optimize for G Suite accounts generally instead of just one domain, use an asterisk: hd=*.
    Don't rely on this UI optimization to control who can access your app, as client-side requests can be modified. Be sure to validate that the returned ID token has an hd claim value that matches what you expect (e.g. mycollege.edu). Unlike the request parameter, the ID token claim is contained within a security token from Google, so the value can be trusted.
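
The check described above, as an added example (not code from Google or from this page): the request carries hd only as a hint, and the server enforces the hd claim of the ID token. It assumes the token's signature, iss, aud and exp were already verified by a JWT library; the function names, client ID, redirect URI and sample claims are constructed for illustration.

```python
from urllib.parse import urlencode

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"

def build_auth_url(client_id, redirect_uri, state, nonce, hd=None):
    """Authorization request; hd only steers the account chooser UI."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid email",
        "state": state,
        "nonce": nonce,
        "include_granted_scopes": "true",  # incremental authorization
    }
    if hd:
        params["hd"] = hd  # a user can edit or drop this before it reaches Google
    return AUTH_ENDPOINT + "?" + urlencode(params)

def hosted_domain_allowed(claims, expected_hd):
    """Enforce the hd claim of an already-verified ID token.

    expected_hd is one domain, or "*" to accept any hosted (G Suite) account.
    """
    hd = claims.get("hd")
    # No hd claim means the account is not a hosted-domain account:
    # reject it in both modes, whatever the email address looks like.
    if not isinstance(hd, str) or not hd:
        return False
    if expected_hd == "*":
        return True
    # Exact domain match; never fall back to the domain part of the email claim.
    return hd.lower() == expected_hd.lower()

# Constructed sample claims (as returned by a JWT library after verification).
SAMPLES = {
    "hosted": {"sub": "1001", "email": "a@mycollege.edu", "hd": "mycollege.edu"},
    "other_domain": {"sub": "1002", "email": "b@example.org", "hd": "example.org"},
    # Personal Google account registered with a college address: no hd claim.
    "no_hd": {"sub": "1003", "email": "c@mycollege.edu"},
}

if __name__ == "__main__":
    print(build_auth_url("CLIENT_ID", "https://app.example/cb", "s1", "n1",
                         hd="mycollege.edu"))
    for name, claims in SAMPLES.items():
        print(name, hosted_domain_allowed(claims, "mycollege.edu"))
```

The no_hd sample is the case the hd request parameter cannot cover: the email address ends in the expected domain, but the token carries no hd claim, so the login is rejected.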

