Add flag to relay entered username as login_hint to organization's SSO provider #435
Description
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
https://affectionate-colden-9xniyqn54r.projects.oryapis.com
Describe your problem
Using Ory default UI, we are unable to instruct the Ory flow to relay the entered email as a login_hint to an organization's login page (okta, entra, etc). In some cases, this requires the user to enter their email twice to login - once at the Ory login page, and again at their organization's login page.
Describe your ideal solution
When our code starts the Ory login flow, it would be nice to have a way to instruct the Ory flow to relay the entered email as a login_hint, such as via querystring param.
ex: redirect .../self-service/login/browser?...&relay_login_hint=true
Under the hood, this would start a flow that eventually appends &login_hint=example%40example.com to the organization's authorize endpoint, thus populating the appropriate field in the resulting UI.
After user submits Ory login page and chooses OIDC connection (ex okta), redirect results in:
https://{domain}.okta.com/oauth2/v1/authorize?...login_hint=example%40example.com
Workarounds or alternatives
No alternative at the moment using Ory default UI. The only workaround is for us to go back and implement a fully custom UI, where it seems we can post upstream params to the login flow.
Version
node sdk 1.15.10, with some direct REST API calls
Additional Context
No response