Retrieving Google `hd` param from /login/callback

We’d like to get the GSuite organization from our Google Social connection, if possible.
From the Google docs, this is available in the ID_token returned by Google’s OIDC endpoint: OpenID Connect  |  Google Identity  |  Google Developers

However it seems like Auth0 does not forward this information. We also noticed that Google will redirect back to auth0 in https://.auth0.com/login/callback with the hd parameter set. We tried to grab this using a Custom Rule, but it seems like this rule doesn’t run after callback. We believe customRules run after https://<id>. auth0.com/authorize, which executes earlier in the login pipeline.

Ideally we’d like to be able to read some information from the Auth0 <> Google token exchange and forward to the token we receive from Auth0. We are open to other suggestions if you have any.

4 Likes

same requirement for me. hd is not showing up on the auth0 user.