Add support for login_hint in authorization url generation (#4943)

* add login_hint to authorization url generation Signed-off-by: olivier <odelcroi@gmail.com> Signed-off-by: olivier <odelcroi@gmail.com> fix lint Signed-off-by: olivier <odelcroi@gmail.com> * update doc * fix linter --------- Signed-off-by: olivier <odelcroi@gmail.com> Co-authored-by: mcalinghee <mcalinghee.dev@gmail.com>
2025-11-23 17:02:25 +03:00 · 2025-08-18 17:06:59 +02:00
parent 6d42ed338e
commit 2b46579bd8
2 changed files with 22 additions and 0 deletions
--- a/spec/unit/oidc/authorize.spec.ts
+++ b/spec/unit/oidc/authorize.spec.ts
@@ -164,6 +164,23 @@ describe("oidc authorization", () => {

            expect(authUrl.searchParams.get("prompt")).toEqual("create");
        });
+
+        it("should generate url with login_hint", async () => {
+            const nonce = "abc123";
+
+            const authUrl = new URL(
+                await generateOidcAuthorizationUrl({
+                    metadata: delegatedAuthConfig,
+                    homeserverUrl: baseUrl,
+                    clientId,
+                    redirectUri: baseUrl,
+                    nonce,
+                    loginHint: "login1234",
+                }),
+            );
+
+            expect(authUrl.searchParams.get("login_hint")).toEqual("login1234");
+        });
    });

    describe("completeAuthorizationCodeGrant", () => {
--- a/src/oidc/authorize.ts
+++ b/src/oidc/authorize.ts
@@ -125,6 +125,8 @@ export const generateAuthorizationUrl = async (
 * @param prompt - indicates to the OP which flow the user should see - eg login or registration
 *          See https://openid.net/specs/openid-connect-prompt-create-1_0.html#name-prompt-parameter
 * @param urlState - value to append to the opaque state identifier to uniquely identify the callback
+ * @param loginHint - value to send as the `login_hint` to the OP, giving a hint about the login identifier the user might use to log in.
+ *          See {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest OIDC core 3.1.2.1}.
 * @returns a Promise with the url as a string
 */
 export const generateOidcAuthorizationUrl = async ({
@@ -136,6 +138,7 @@ export const generateOidcAuthorizationUrl = async ({
    nonce,
    prompt,
    urlState,
+    loginHint,
 }: {
    clientId: string;
    metadata: ValidatedAuthMetadata;
@@ -145,6 +148,7 @@ export const generateOidcAuthorizationUrl = async ({
    nonce: string;
    prompt?: string;
    urlState?: string;
+    loginHint?: string;
 }): Promise<string> => {
    const scope = generateScope();
    const oidcClient = new OidcClient({
@@ -163,6 +167,7 @@ export const generateOidcAuthorizationUrl = async ({
        nonce,
        prompt,
        url_state: urlState,
+        login_hint: loginHint,
    });

    return request.url;