We are implementing Google One tap login in our application. If the user is logged in multiple accounts with Google, we want to avoid presenting the account selection twice. This can be accomplished when using the login_hint parameter and it works perfectly for “@gmail.com” emails; when the email is not a Gmail one, Auth0 removes the login_hint parameter when it redirects to Google, causing the account selection screen to be presented.
# When using a @gmail.com account, login_hint is present on the redirection
$ curl -v "https://mydomain.us.auth0.com/authorize?client_id=myclient-id&scope=openid%20profile%20email&response_type=code&redirect_uri=https%3A%2F%2Fmyapp.com%2Fcallback&connection=google-oauth2&login_hint=john.doe%40gmail.com" 2>&1 | grep -e $'< HTTP\nlocation' -
< HTTP/2 302
< location: https://accounts.google.com/o/oauth2/auth?login_hint=john.doe%40gmail.com&response_type=code&redirect_uri=https%3A%2F%2Fmydomain.us.auth0.com%2Flogin%2Fcallback&scope=email%20profile&state=auth-state&client_id=my-google-client-id
# Otherwise, it gets removed from the redirection URL
$ curl -v "https://mydomain.us.auth0.com/authorize?client_id=myclient-id&scope=openid%20profile%20email&response_type=code&redirect_uri=https%3A%2F%2Fmyapp.com%2Fcallback&connection=google-oauth2&login_hint=john.doe%40company.com" 2>&1 | grep -e $'< HTTP\nlocation' -
< HTTP/2 302
< location: https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=https%3A%2F%2Fmydomain.us.auth0.com%2Flogin%2Fcallback&scope=email%20profile&state=auth-state&client_id=my-google-client-id