!!! Overview
[{$pagename}] (hd)

!! [Google OpenID Connect]
The [hd] ([hosted domain]) is an [OPTIONAL] [OpenID Connect] [parameter] streamlines the [Authentication Request] process for [G-Suite] hosted accounts. 

By including the [DNS Domain] of the [G-Suite] user (for example, mycollege.edu), you can indicate that the [Account Chooser] [UI] should be optimized for accounts at that [G-Suite] [DNS Domain]. 

To optimize for [G-Suite] accounts generally instead of just one [DNS Domain], use an asterisk: 
{{{
hd=*
}}}


[{$pagename}] is also an [OPTIONAL] [id_token] [Claim] that represents the [G-Suite Domain] which is provided only if the user belongs to a [G-Suite] [{$pagename}].


%%warning
[{$pagename}] in an [Authentication Request] [MUST NOT] rely on this UI optimization to control who can access your app, as [client-side] requests can be modified. \\__Be sure to validate that the returned [Id_token] has an [hd] [claim]__ value that matches what you expect (e.g. mycolledge.edu). Unlike the [Authentication Request] parameter, the [id_token] claim is contained within a security token from [Google], so the value can be trusted.
%%

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [OpenID Connect|https://developers.google.com/identity/protocols/OpenIDConnect|target='_blank'] - based on information obtained 2017-07-14-