This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] (hd)
!! [Google OpenID Connect]
The [hd] ([hosted domain]) is an [OPTIONAL] [OpenID Connect] [parameter] that streamlines the [Authentication Request] process for [G-Suite] hosted accounts.
By including the [DNS Domain] of the [G-Suite] user (for example, mycollege.edu), you can indicate that the [Account Chooser] [UI] should be optimized for accounts at that [G-Suite] [DNS Domain].
To optimize for [G-Suite] accounts generally instead of just one [DNS Domain], use an asterisk:
{{{
hd=*
}}}
[{$pagename}] is also an [OPTIONAL] [id_token] [Claim] that represents the [G-Suite Domain]; it is provided only if the user belongs to a [G-Suite] [{$pagename}].
%%warning
You [MUST NOT] rely on [{$pagename}] in an [Authentication Request] to control who can access your app: it is only a UI optimization, and [client-side] requests can be modified. \\__Be sure to validate that the returned [Id_token] has an [hd] [claim]__ value that matches what you expect (e.g. mycollege.edu). Unlike the [Authentication Request] parameter, the [id_token] claim is contained within a security token from [Google], so the value can be trusted.
%%
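The check the warning describes, as an added Python example that is not from the original page or from Google. It assumes a JWT library has already verified the id_token's signature, iss, aud and exp; the function names, the client ID placeholder and the sample claims are constructed for illustration.

```python
from urllib.parse import urlencode

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"

def build_auth_url(client_id, redirect_uri, state, nonce, hd=None):
    """Authentication Request URL; hd is only an Account Chooser hint."""
    params = {"client_id": client_id, "response_type": "code",
              "scope": "openid email", "redirect_uri": redirect_uri,
              "state": state, "nonce": nonce}
    if hd:
        params["hd"] = hd  # travels through the browser, so it can be edited or dropped
    return AUTH_ENDPOINT + "?" + urlencode(params)

def hosted_domain_allowed(verified_claims, allowed_domains):
    """Access decision taken from the hd claim of an already-verified id_token."""
    allowed = {d.lower() for d in allowed_domains}
    if "*" in allowed:
        # hd=* is a request-side hint, never a policy value
        raise ValueError("list the expected domains explicitly")
    hd = verified_claims.get("hd")
    if not isinstance(hd, str) or not hd:
        return False  # claim absent: the account is not in a hosted domain
    return hd.lower() in allowed

# Constructed sample claims, shaped as a JWT library would return them after
# verification (assumption); none of these values come from the page.
SAMPLE_CLAIMS = [
    {"sub": "1001", "email": "alice@mycollege.edu", "hd": "mycollege.edu"},
    {"sub": "1002", "email": "bob@other.example", "hd": "other.example"},
    {"sub": "1003", "email": "carol@gmail.com"},  # consumer account, no hd claim
]

if __name__ == "__main__":
    print(build_auth_url("CLIENT_ID_PLACEHOLDER", "https://app.example/callback",
                         "state-123", "nonce-456", hd="mycollege.edu"))
    for claims in SAMPLE_CLAIMS:
        ok = hosted_domain_allowed(claims, ["mycollege.edu"])
        print(claims["email"], "->", "allow" if ok else "deny")
```

The decision never reads the hd value that was sent in the request, so changing or removing that parameter in the browser has no effect on who is admitted.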
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [OpenID Connect|https://developers.google.com/identity/protocols/OpenIDConnect|target='_blank'] - based on information obtained 2017-07-14