With this change, if users are directed to "/login/google?login_hint=user@foo.com", assuming canvas has the "google" authentication option set up, it will add &login_hint to the authorization request URL. The effect on the user is to skip the account choice screen if the user has multiple active sessions with the IdP and the email provided in login_hint matches one of them.
This adds some support for the
login_hint
parameter, defined by the OIDC Core 1.0 spec and mentioned in Google's documentation of the same.With this change, if users are directed to "/login/google?login_hint=user@foo.com", assuming canvas has the "google" authentication option set up, it will add
&login_hint
to the authorization request URL. The effect on the user is to skip the account choice screen if the user has multiple active sessions with the IdP and the email provided inlogin_hint
matches one of them.