instructure · chris-perts · Mar 25, 2024 · Mar 25, 2024
diff --git a/app/controllers/login/oauth2_controller.rb b/app/controllers/login/oauth2_controller.rb
@@ -28,7 +28,7 @@ def new
     super
     nonce = session[:oauth2_nonce] = SecureRandom.hex(24)
     jwt = Canvas::Security.create_jwt({ aac_id: @aac.global_id, nonce:, host: request.host_with_port }, 10.minutes.from_now)
-    authorize_url = @aac.generate_authorize_url(oauth2_login_callback_url, jwt)
+    authorize_url = @aac.generate_authorize_url(oauth2_login_callback_url, jwt, params[:login_hint])
 
     if @aac.debugging? && @aac.debug_set(:nonce, nonce, overwrite: false)
       @aac.debug_set(:debugging, t("Redirected to identity provider"))

diff --git a/app/models/authentication_provider/oauth2.rb b/app/models/authentication_provider/oauth2.rb
@@ -38,8 +38,10 @@ def client
     @client ||= ::OAuth2::Client.new(client_id, client_secret, client_options)
   end
 
-  def generate_authorize_url(redirect_uri, state)
-    client.auth_code.authorize_url({ redirect_uri:, state: }.merge(authorize_options))
+  def generate_authorize_url(redirect_uri, state, login_hint = nil)
+    options = { redirect_uri: redirect_uri, state: state }
+    options[:login_hint] = login_hint if login_hint
+    client.auth_code.authorize_url(options.merge(authorize_options))
   end
 
   def get_token(code, redirect_uri, _params)