omniauth / omniauth-okta

OAuth2 strategy for Okta
MIT License

Possible to send login_hint to okta? #8

Open aharpervc opened 5 years ago

aharpervc commented 5 years ago

Per this support question I found, Okta supports sending a username to their form by sending login_hint as a query string param with authorization requests.

Is that possible to do with this gem? Is there a way to send custom query string parameters?

sw4d commented 1 year ago

I found this issue wondering the same thing.

I looked over the omniauth-google-oauth2 gem, which allows this functionality. Check out this method.

I updated my okta initializer to something like this to get the behavior I wanted:

```ruby
# /initializer/okta.rb

# Reopen the gem's strategy to forward selected request parameters.
class OmniAuth::Strategies::Okta < OmniAuth::Strategies::OAuth2
  # Allowlist of request parameters that may be passed on to the authorize endpoint.
  option :authorize_options, %w(login_hint some other options)

  def authorize_params
    super.tap do |params|
      options[:authorize_options].each do |k|
        # Copy the parameter only when the request supplied a non-blank value.
        params[k] = request.params[k.to_s] unless [nil, '', []].include?(request.params[k.to_s])
      end
    end
  end
end

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :okta, ENV['OKTA_CLIENT_ID'], ENV['OKTA_CLIENT_SECRET'], {
    client_options: {
      site:                 'https://your-org.okta.com',
      authorization_server: '<authorization_server>',
      authorize_url:        'https://your-org.okta.com/oauth2/<authorization_server>/v1/authorize',
      token_url:            'https://your-org.okta.com/oauth2/<authorization_server>/v1/token',
      user_info_url:        'https://your-org.okta.com/oauth2/<authorization_server>/v1/userinfo',
      audience:             'api://your-audience'
    }
  }
end
```

Hope that helps get the gears turning.
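An added example, not part of the comment above or of the gem: a plain-Ruby sketch of the allowlist merge that the `authorize_params` override performs, showing that only allowlisted, plain-string values reach the authorize URL while browser-supplied `redirect_uri` and `state` are ignored. The helper names, the sample values and the 256-character cap are assumptions made for illustration.

```ruby
require 'uri'

# Hypothetical allowlist, mirroring the comment's :authorize_options.
FORWARDED_AUTHORIZE_PARAMS = %w[login_hint].freeze
MAX_HINT_LENGTH = 256 # assumed cap, not an Okta-documented limit

# Merge allowlisted request parameters into the strategy's own authorize
# parameters. Anything not on the allowlist (state, redirect_uri, scope ...)
# keeps the value the strategy computed, whatever the browser sent.
def merge_authorize_params(strategy_params, request_params,
                           allowlist = FORWARDED_AUTHORIZE_PARAMS)
  allowlist.each_with_object(strategy_params.dup) do |key, merged|
    value = request_params[key]
    # Rack parses "login_hint[]=a" to an Array and "login_hint[x]=a" to a
    # Hash; forward plain, non-blank, bounded strings only.
    next unless value.is_a?(String)
    value = value.strip
    next if value.empty? || value.length > MAX_HINT_LENGTH
    merged[key] = value
  end
end

# Build the authorization URL the browser would be redirected to.
def authorize_url(base, params)
  "#{base}?#{URI.encode_www_form(params)}"
end

# Constructed sample data (not from the original issue).
STRATEGY_PARAMS = {
  'client_id'     => 'example-client-id',
  'redirect_uri'  => 'https://app.example.com/auth/okta/callback',
  'response_type' => 'code',
  'scope'         => 'openid profile email',
  'state'         => 'server-generated-state'
}.freeze

REQUEST_PARAMS = {
  'login_hint'   => ' alice@example.com ',
  'redirect_uri' => 'https://other.example.net/cb', # must not be forwarded
  'state'        => 'browser-supplied'              # must not be forwarded
}.freeze

if __FILE__ == $PROGRAM_NAME
  merged = merge_authorize_params(STRATEGY_PARAMS, REQUEST_PARAMS)
  puts authorize_url('https://your-org.okta.com/oauth2/<authorization_server>/v1/authorize', merged)
end
```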