From 62246e53b408f7827632cef67eed9be1aedf0294 Mon Sep 17 00:00:00 2001
From: JensHeise <62468949+JensHeise@users.noreply.github.com>
Date: Thu, 17 Oct 2024 14:17:41 +0200
Subject: [PATCH 1/3] feat: add authURLParams to BeginAuth

---
 providers/openidConnect/openidConnect.go | 25 ++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/providers/openidConnect/openidConnect.go b/providers/openidConnect/openidConnect.go
index 4a7215948..109ef333d 100644
--- a/providers/openidConnect/openidConnect.go
+++ b/providers/openidConnect/openidConnect.go
@@ -51,13 +51,14 @@ const (

 // Provider is the implementation of `goth.Provider` for accessing OpenID Connect provider
 type Provider struct {
- ClientKey string
- Secret string
- CallbackURL string
- HTTPClient *http.Client
- OpenIDConfig *OpenIDConfig
- config *oauth2.Config
- providerName string
+ ClientKey string
+ Secret string
+ CallbackURL string
+ HTTPClient *http.Client
+ OpenIDConfig *OpenIDConfig
+ config *oauth2.Config
+ authCodeOptions []oauth2.AuthCodeOption
+ providerName string

 UserIdClaims []string
 NameClaims []string
@@ -186,6 +187,14 @@ func (p *Provider) SetName(name string) {
 p.providerName = name
 }

+// SetAuthCodeOptions sets additional parameters for the authentication URL.
+// It takes a map of string key-value pairs and appends them to the provider's authCodeOptions.
+func (p *Provider) SetAuthCodeOptions(params map[string]string) {
+ for k, v := range params {
+ p.authCodeOptions = append(p.authCodeOptions, oauth2.SetAuthURLParam(k, v))
+ }
+}
+
 func (p *Provider) Client() *http.Client {
 return goth.HTTPClientWithFallBack(p.HTTPClient)
 }
@@ -195,7 +204,7 @@ func (p *Provider) Debug(debug bool) {}

 // BeginAuth asks the OpenID Connect provider for an authentication end-point.
 func (p *Provider) BeginAuth(state string) (goth.Session, error) {
- url := p.config.AuthCodeURL(state)
+ url := p.config.AuthCodeURL(state, p.authCodeOptions...)
 session := &Session{
 AuthURL: url,
 }
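Review bot: SetAuthCodeOptions forwards every key in `params` to `oauth2.SetAuthURLParam`, and `AuthCodeURL` applies its options after it has written `state`, `redirect_uri`, `client_id`, `response_type` and `scope`, so a map that contains one of those keys replaces the value the provider computed. If any part of the map is derived from request data, a caller-chosen value can then stand in for the CSRF `state` or the registered callback. The setter should skip the reserved keys and say so in its doc comment. It should also assign the slice rather than append to it, so that a second call does not leave earlier options in place (this changes the accumulate-on-repeat behaviour the current comment describes).

```go
func (p *Provider) SetAuthCodeOptions(params map[string]string) {
	opts := make([]oauth2.AuthCodeOption, 0, len(params))
	for k, v := range params {
		switch k {
		case "state", "redirect_uri", "client_id", "response_type", "scope":
			// Written by AuthCodeURL from the provider config and the caller's state.
			continue
		}
		opts = append(opts, oauth2.SetAuthURLParam(k, v))
	}
	p.authCodeOptions = opts
}
```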
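Review bot: The options live on the Provider and are passed to every `AuthCodeURL` call in BeginAuth, so they are provider-wide rather than per-login, and nothing in the visible code guards the slice against a concurrent SetAuthCodeOptions. If one Provider value is shared across requests (likely for a goth provider, but not shown in this patch), a per-user value such as a login hint set before one login would also appear in other users' authorization URLs. I would state the contract on BeginAuth, for example `// BeginAuth adds the provider-wide authCodeOptions to the URL; set them once at setup, not per request.` BeginAuth's body continues past the end of the hunk.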
From f989ac050b49f54c3f6ed204c2fd0661295614a1 Mon Sep 17 00:00:00 2001
From: JensHeise <62468949+JensHeise@users.noreply.github.com>
Date: Thu, 17 Oct 2024 14:33:03 +0200
Subject: [PATCH 2/3] test: add test case for openidConnect authCodeOptions

---
 providers/openidConnect/openidConnect_test.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/providers/openidConnect/openidConnect_test.go b/providers/openidConnect/openidConnect_test.go
index 3e844359f..7dd76e04f 100644
--- a/providers/openidConnect/openidConnect_test.go
+++ b/providers/openidConnect/openidConnect_test.go
@@ -78,6 +78,24 @@ func Test_BeginAuth(t *testing.T) {
 a.Contains(s.AuthURL, "scope=openid")
 }

+func Test_BeginAuth_AuthCodeOptions(t *testing.T) {
+ t.Parallel()
+ a := assert.New(t)
+
+ provider := openidConnectProvider()
+ provider.SetAuthCodeOptions(map[string]string{"domain_hint": "test_domain.com", "prompt": "none"})
+ session, err := provider.BeginAuth("test_state")
+ s := session.(*Session)
+ a.NoError(err)
+ a.Contains(s.AuthURL, "https://accounts.google.com/o/oauth2/v2/auth")
+ a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", os.Getenv("OPENID_CONNECT_KEY")))
+ a.Contains(s.AuthURL, "state=test_state")
+ a.Contains(s.AuthURL, "redirect_uri=http%3A%2F%2Flocalhost%2Ffoo")
+ a.Contains(s.AuthURL, "scope=openid")
+ a.Contains(s.AuthURL, "domain_hint=test_domain.com")
+ a.Contains(s.AuthURL, "prompt=none")
+}
+
 func Test_Implements_Provider(t *testing.T) {
 t.Parallel()
 a := assert.New(t)

From 07aad6f38980767adb9e9f00c1f6301197f5099d Mon Sep 17 00:00:00 2001
From: JensHeise <62468949+JensHeise@users.noreply.github.com>
Date: Thu, 17 Oct 2024 14:56:07 +0200
Subject: [PATCH 3/3] style: whitespace

---
 providers/openidConnect/openidConnect.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/providers/openidConnect/openidConnect.go b/providers/openidConnect/openidConnect.go
index 109ef333d..5b22d3d79 100644
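Review bot: In Test_BeginAuth_AuthCodeOptions the type assertion `s := session.(*Session)` runs before `a.NoError(err)`, so if BeginAuth ever returns an error with a nil session the test panics on the assertion instead of reporting the error. Checking first with `if !a.NoError(err) { return }` keeps the failure readable. The test also exercises only benign keys. A case that puts `"state"` (or `"redirect_uri"`) in the map and asserts the URL still contains `state=test_state` would pin down whether caller-supplied options are allowed to replace the values the provider sets.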
--- a/providers/openidConnect/openidConnect.go
+++ b/providers/openidConnect/openidConnect.go
@@ -51,14 +51,14 @@ const (

 // Provider is the implementation of `goth.Provider` for accessing OpenID Connect provider
 type Provider struct {
- ClientKey string
- Secret string
- CallbackURL string
- HTTPClient *http.Client
- OpenIDConfig *OpenIDConfig
- config *oauth2.Config
- authCodeOptions []oauth2.AuthCodeOption
- providerName string
+ ClientKey string
+ Secret string
+ CallbackURL string
+ HTTPClient *http.Client
+ OpenIDConfig *OpenIDConfig
+ config *oauth2.Config
+ authCodeOptions []oauth2.AuthCodeOption
+ providerName string

 UserIdClaims []string
 NameClaims []string