Adding 'login_hint' parameter to OAuth2 connections

Author: Tama Pugsley

src/Google/Auth/OAuth2.php

@@ -149,6 +149,11 @@ public function createAuthUrl($scope)
         'approval_prompt' => $this->client->getClassConfig($this, 'approval_prompt'),
     );
 
+    $login_hint = $this->client->getClassConfig($this, 'login_hint');
+    if ($login_hint != '') {
+      $params['login_hint'] = $login_hint;
+    }
+
     // If the list of scopes contains plus.login, add request_visible_actions
     // to auth URL.
     $rva = $this->client->getClassConfig($this, 'request_visible_actions');

src/Google/Client.php

@@ -100,7 +100,7 @@ function_exists('date_default_timezone_set')) {
         $config->setClassConfig('Google_Http_Request', 'disable_gzip', true);
       }
     }
-    
+
     if ($config->getIoClass() == Google_Config::USE_AUTO_IO_SELECTION) {
       if (function_exists('curl_version') && function_exists('curl_exec')) {
         $config->setIoClass("Google_IO_Curl");
@@ -292,6 +292,15 @@ public function setApprovalPrompt($approvalPrompt)
     $this->config->setApprovalPrompt($approvalPrompt);
   }
 
+  /**
+   * Set the login hint, email address or sub id.
+   * @param string $loginHint
+   */
+  public function setLoginHint($loginHint)
+  {
+      $this->config->setLoginHint($loginHint);
+  }
+
   /**
    * Set the application name, this is included in the User-Agent HTTP header.
    * @param string $applicationName

src/Google/Config.php

@@ -80,6 +80,7 @@ public function __construct($ini_file_location = null)
           // Other parameters.
           'access_type' => 'online',
           'approval_prompt' => 'auto',
+          'login_hint' => '',
           'request_visible_actions' => '',
           'federated_signon_certs_url' =>
               'https://www.googleapis.com/oauth2/v1/certs',
@@ -282,6 +283,15 @@ public function setApprovalPrompt($approval)
     $this->setAuthConfig('approval_prompt', $approval);
   }
 
+  /**
+   * Set the login hint (email address or sub identifier)
+   * @param $hint string
+   */
+  public function setLoginHint($hint)
+  {
+    $this->setAuthConfig('login_hint', $hint);
+  }
+
   /**
    * Set the developer key for the auth class. Note that this is separate value
    * from the client ID - if it looks like a URL, its a client ID!

tests/general/ApiOAuth2Test.php

@@ -24,7 +24,7 @@
 
 class ApiOAuth2Test extends BaseTest {
 
-  public function testSign() 
+  public function testSign()
   {
     $client = $this->getClient();
     $oauth = new Google_Auth_OAuth2($client);
@@ -54,7 +54,7 @@ public function testSign()
     $this->assertEquals('Bearer ACCESS_TOKEN', $auth);
   }
 
-  public function testRevokeAccess() 
+  public function testRevokeAccess()
   {
     $accessToken = "ACCESS_TOKEN";
     $refreshToken = "REFRESH_TOKEN";
@@ -103,7 +103,7 @@ public function testRevokeAccess()
     $this->assertEquals($accessToken2, $token);
   }
 
-  public function testCreateAuthUrl() 
+  public function testCreateAuthUrl()
   {
     $client = $this->getClient();
     $oauth = new Google_Auth_OAuth2($client);
@@ -115,7 +115,21 @@ public function testCreateAuthUrl()
     $client->setAccessType('offline');
     $client->setApprovalPrompt('force');
     $client->setRequestVisibleActions(array('http://foo'));
+    $client->setLoginHint("[email protected]");
 
+    $authUrl = $oauth->createAuthUrl("http://googleapis.com/scope/foo");
+    $expected = "https://accounts.google.com/o/oauth2/auth"
+        . "?response_type=code"
+        . "&redirect_uri=http%3A%2F%2Flocalhost"
+        . "&client_id=clientId1"
+        . "&scope=http%3A%2F%2Fgoogleapis.com%2Fscope%2Ffoo"
+        . "&access_type=offline"
+        . "&approval_prompt=force"
+        . "&login_hint=bob%40example.org";
+    $this->assertEquals($expected, $authUrl);
+
+    // Again with a blank login hint (should remove all traces from authUrl)
+    $client->setLoginHint("");
     $authUrl = $oauth->createAuthUrl("http://googleapis.com/scope/foo");
     $expected = "https://accounts.google.com/o/oauth2/auth"
         . "?response_type=code"
@@ -128,11 +142,11 @@ public function testCreateAuthUrl()
   }
 
   /**
-   * Most of the logic for ID token validation is in AuthTest - 
+   * Most of the logic for ID token validation is in AuthTest -
    * this is just a general check to ensure we verify a valid
    * id token if one exists.
    */
-  public function testValidateIdToken() 
+  public function testValidateIdToken()
   {
     if (!$this->checkToken()) {
       return;