Retrieving Google `hd` param from /login/callback

We’d like to get the GSuite organization from our Google Social connection, if possible.
From the Google docs, this is available in the ID_token returned by Google’s OIDC endpoint: OpenID Connect  |  Google Identity  |  Google Developers

However it seems like Auth0 does not forward this information. We also noticed that Google will redirect back to auth0 in with the hd parameter set. We tried to grab this using a Custom Rule, but it seems like this rule doesn’t run after callback. We believe customRules run after https://<id>., which executes earlier in the login pipeline.

Ideally we’d like to be able to read some information from the Auth0 <> Google token exchange and forward to the token we receive from Auth0. We are open to other suggestions if you have any.


same requirement for me. hd is not showing up on the auth0 user.