This question is similar to:
- Change and see Google account when login – except that in our case, we are using Universal Login.
- How do I force the Universal Login to allow the user to select a gmail account? - #11 by caledonia – this question was never closed but seems similar. I left a comment in that thread, too.
Our configuration
We are using Universal Login, with Google as our social provider. We also have a Login Action in place that functions as an allowlist: only email domains in the allowlist are issued tokens. If a user with an invalid domain attempts to log in, they will be gated from the application and see an error.
The issue
If a user logs in with a Google account with an invalid domain, they become gated from the application due to our allowlist action, but the Universal Login screen keeps authorizing them based on the same [incorrect] Google account. There is no option to change accounts.
It is suggested here, for a similar issue, to use an option supported by Google that allows the user to select another account: prompt=select_account. Apparently this param should be included in the Google login request.
There doesn’t seem to be a documented way to include this param in the call to webAuth.authorize, which is what the Universal Login page uses. I don’t see this as a valid prompt in the webAuth.authorize documentation. Is there a way to do this with Universal Login?
Here’s the relevant snippet of code from our Universal Login page code, where we are attempting to pass a prompt to the authorize call:
```javascript
var params = Object.assign({
  overrides: {
    __tenant: config.auth0Tenant,
    __token_issuer: config.authorizationServer.issuer
  },
  domain: config.auth0Domain,
  clientID: config.clientID,
  redirectUri: config.callbackURL,
  responseType: 'code'
}, config.internalOptions);

var webAuth = new auth0.WebAuth(params);

var captcha = webAuth.renderCaptcha(
  document.querySelector('.captcha-container')
);

function loginWithGoogle() {
  // Attempt to pass the prompt through the authorize call
  webAuth.authorize({
    connection: 'google-oauth2',
    prompt: 'select_account'
  }, function (err) {
    if (err) displayError(err);
  });
}
```
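An added example, not part of the original post and not the poster's actual Action: one way the allowlist Login Action described under "Our configuration" could be written so that the domain check is an exact match on a verified email. The domains in `ALLOWED_DOMAINS`, the helper names `emailDomain` and `checkUser`, and the deny reasons are assumptions made for illustration.

```javascript
// Added example: domain allowlist for an Auth0 post-login Action.
// ALLOWED_DOMAINS holds constructed placeholder domains (assumption).
const ALLOWED_DOMAINS = new Set(['example.com', 'example.org']);

// Return the lower-cased domain of an address, or null if the value
// is not a single local@domain pair.
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const parts = email.trim().toLowerCase().split('@');
  if (parts.length !== 2 || parts[0] === '' || parts[1] === '') return null;
  return parts[1];
}

// Decide whether a user profile passes the allowlist.
// Exact match only: a suffix test such as endsWith('example.com') would
// also accept 'notexample.com'. Subdomains must be listed explicitly.
function checkUser(user) {
  const domain = emailDomain(user && user.email);
  if (domain === null) {
    return { allowed: false, reason: 'missing_or_malformed_email' };
  }
  if (user.email_verified !== true) {
    return { allowed: false, reason: 'email_not_verified' };
  }
  if (!ALLOWED_DOMAINS.has(domain)) {
    return { allowed: false, reason: 'domain_not_allowed' };
  }
  return { allowed: true, reason: null };
}

// Post-login handler: deny the login for anything outside the allowlist,
// so no tokens are issued.
const onExecutePostLogin = async (event, api) => {
  const verdict = checkUser(event.user);
  if (!verdict.allowed) {
    api.access.deny(`Access denied (${verdict.reason}).`);
  }
};

// Auth0 Actions load the handler from `exports`; the guard keeps this
// file runnable in environments where `exports` is not defined.
if (typeof exports !== 'undefined') {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```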