arikfr
commented
7 years ago Just to make sure I understand: when there is only one Google Apps domain defined, we will pass the hd param but otherwise do what we do today?
Open benmanns opened 7 years ago
arikfr
commented
7 years ago Just to make sure I understand: when there is only one Google Apps domain defined, we will pass the hd param but otherwise do what we do today?
benmanns
commented
7 years ago Yeah, exactly.
Edit: Actually, I'm not familiar with the multi-org login sequence, but if session.get('org_slug') is set on login for an organization we could probably add hd in that case, too, to optimize the sign in experience.
arikfr
commented
7 years ago It's practically the same, the only thing that changes is how you find current org:
https://github.com/getredash/redash/blob/53268989c5fe5c619b399b488094c501cb286af4/redash/authentication/google_oauth.py#L91
Would it be possible to add the hd parameter to this authorization URL in the event that there's a single allowed Google Apps domain? It optimizes the sign in experience by limiting the suggested accounts to those for the passed Google domain.
If you're signed in to a single account on the domain and already authorized Redash: instant redirect to login.
If you're signed in on the domain and haven't authorized Redash: present only accounts from the authorized Google domain.
If you're not signed in: present the login dialog with your domain pre-filled.
If you're interested in merging something like this but can't prioritize this as a feature I can put together a PR with the changes required.