Pass params to social provider using Universal Login (Params such as -> prompt: 'select_account' )

caledonia · May 4, 2022, 10:26pm

This question is similar to:

Change and see Google account when login – except that in our case, we are using Universal Login.
How do I force the Universal Login to allow the user to select a gmail account? - #11 by caledonia – this question was never closed but seems similar. I left a comment in that thread, too.

Our configuration
We are using Universal Login, with Google as our social provider. We also have a Login Action in place that functions as an allowlist: Only email domains in the allowlist are issued tokens. If a user with an invalid domain attempts to login, they will be gated from the application and see an error.

The issue
If a user logs in with a Google account with an invalid domain, they becomes gated from the application due to our allowlist action, but the Universal Login screen keeps authorizing-ing them based on the same [incorrect] Google account. There is no option to change accounts.

It is suggested here, for a similar issue, to use an option supported by Google that allows the user to select another account: prompt=select_account. Apparently this param should be included in the Google login request.

There doesn’t seem to be a documented way to include this param in the call to webAuth.authorize, which is what the Universal Login page uses. I don’t see this as a valid prompt in the webAuth.authorize documentation. Is there a way to do this with Universal Login?

Here’s the relevant snippet of code from our Universal Login page code, where we are attempting to pass a prompt to the authorize call:

var params = Object.assign({
    overrides: {
        __tenant: config.auth0Tenant,
        __token_issuer: config.authorizationServer.issuer
    },
    domain: config.auth0Domain,
    clientID: config.clientID,
    redirectUri: config.callbackURL,
    responseType: 'code'
}, config.internalOptions);

var webAuth = new auth0.WebAuth(params);
var captcha = webAuth.renderCaptcha(
    document.querySelector('.captcha-container')
);

function loginWithGoogle() {
    webAuth.authorize({
        connection: 'google-oauth2',
      	prompt: 'select_account'
    }, function (err) {
        if (err) displayError(err);
    });
}

tyf · January 7, 2023, 12:29am

I apologize for the super delayed response - I’ve been combing through a bit of our backlog and wanted to be sure and link to what looks to be a solution in the topic you’ve linked to previously for future reference:

Hopefully this helps others!

system · January 21, 2023, 12:29am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.