From e17dc97f2d9b3c3c146adcece85768a6caecc95b Mon Sep 17 00:00:00 2001
From: olivier
Date: Tue, 29 Jul 2025 15:54:06 +0200
Subject: [PATCH 1/3] add login_hint to authorization url generation
Signed-off-by: olivier
Signed-off-by: olivier
fix lint
Signed-off-by: olivier
---
 spec/unit/oidc/authorize.spec.ts | 17 +++++++++++++++++
 src/oidc/authorize.ts | 4 ++++
 2 files changed, 21 insertions(+)
diff --git a/spec/unit/oidc/authorize.spec.ts b/spec/unit/oidc/authorize.spec.ts
index 2c3657bea42..e3137786025 100644
--- a/spec/unit/oidc/authorize.spec.ts
+++ b/spec/unit/oidc/authorize.spec.ts
@@ -164,6 +164,23 @@ describe("oidc authorization", () => {
 expect(authUrl.searchParams.get("prompt")).toEqual("create");
 });
+
+ it("should generate url with login_hint", async () => {
+ const nonce = "abc123";
+
+ const authUrl = new URL(
+ await generateOidcAuthorizationUrl({
+ metadata: delegatedAuthConfig,
+ homeserverUrl: baseUrl,
+ clientId,
+ redirectUri: baseUrl,
+ nonce,
+ loginHint: "login1234",
+ }),
+ );
+
+ expect(authUrl.searchParams.get("login_hint")).toEqual("login1234");
+ });
 });
 describe("completeAuthorizationCodeGrant", () => {
diff --git a/src/oidc/authorize.ts b/src/oidc/authorize.ts
index f76809263fa..66fd1cc470d 100644
--- a/src/oidc/authorize.ts
+++ b/src/oidc/authorize.ts
@@ -125,6 +125,7 @@ export const generateAuthorizationUrl = async (
 * @param prompt - indicates to the OP which flow the user should see - eg login or registration
 * See https://openid.net/specs/openid-connect-prompt-create-1_0.html#name-prompt-parameter
 * @param urlState - value to append to the opaque state identifier to uniquely identify the callback
+ * @param loginHint - send connecting user login hint to OP
 * @returns a Promise with the url as a string
 */
 export const generateOidcAuthorizationUrl = async ({
@@ -136,6 +137,7 @@ export const generateOidcAuthorizationUrl = async ({
 nonce,
 prompt,
 urlState,
+ loginHint,
 }: {
 clientId: string;
 metadata: ValidatedAuthMetadata;
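Review bot: The new test in `spec/unit/oidc/authorize.spec.ts` covers only the case where `loginHint` is supplied, and with a value (`"login1234"`) that needs no URL encoding. A login hint is typically an e-mail address or similar identifier, so a second case with reserved characters, e.g. `loginHint: "user+tag@example.org"` (constructed sample), asserting that `searchParams.get("login_hint")` returns the same string, would guard the encoding path. A test that omits the option and asserts `expect(authUrl.searchParams.has("login_hint")).toBe(false);` would also catch the parameter being added to every authorization URL by mistake.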
@@ -145,6 +147,7 @@ export const generateOidcAuthorizationUrl = async ({
 nonce: string;
 prompt?: string;
 urlState?: string;
+ loginHint?: string;
 }): Promise => {
 const scope = generateScope();
 const oidcClient = new OidcClient({
@@ -163,6 +166,7 @@ export const generateOidcAuthorizationUrl = async ({
 nonce,
 prompt,
 url_state: urlState,
+ login_hint: loginHint,
 });
 return request.url;
From c96e396d93d440fd75226072bdf27b9e4f041d6d Mon Sep 17 00:00:00 2001
From: olivier
Date: Thu, 31 Jul 2025 16:43:18 +0200
Subject: [PATCH 2/3] update doc
---
 src/oidc/authorize.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/oidc/authorize.ts b/src/oidc/authorize.ts
index 66fd1cc470d..3246bd91172 100644
--- a/src/oidc/authorize.ts
+++ b/src/oidc/authorize.ts
@@ -125,7 +125,8 @@ export const generateAuthorizationUrl = async (
 * @param prompt - indicates to the OP which flow the user should see - eg login or registration
 * See https://openid.net/specs/openid-connect-prompt-create-1_0.html#name-prompt-parameter
 * @param urlState - value to append to the opaque state identifier to uniquely identify the callback
- * @param loginHint - send connecting user login hint to OP
+ * @param loginHint - value to send as the `login_hint` to the OP, giving a hint about the login identifier the user might use to log in.
+ * See {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest OIDC core 3.1.2.1}.
 * @returns a Promise with the url as a string
 */
 export const generateOidcAuthorizationUrl = async ({
From a461099177877a9cf51cd3c80aefb696c8e1c563 Mon Sep 17 00:00:00 2001
From: mcalinghee
Date: Mon, 18 Aug 2025 16:42:32 +0200
Subject: [PATCH 3/3] fix linter
---
 src/oidc/authorize.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/oidc/authorize.ts b/src/oidc/authorize.ts
index 3246bd91172..a250b061b89 100644
--- a/src/oidc/authorize.ts
+++ b/src/oidc/authorize.ts
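Review bot: `login_hint: loginHint` in the `@@ -163,6 +166,7 @@` hunk passes the caller's string through unchanged, so an empty string (for example from an unfilled input field) would probably be emitted as a bare `login_hint=` parameter instead of being left out. How the request builder treats empty values is not visible in this hunk, so this is inferred. Normalising at the call site with `login_hint: loginHint || undefined,` keeps the parameter off the URL unless there is a real value. The call this argument list belongs to starts above the hunk.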
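Review bot: The rewritten `@param loginHint` text in the `[PATCH 2/3]` hunk does not tell callers that the value is placed in the query string of the front-channel authorization URL, where it can be retained in browser history and in proxy or OP access logs. A login hint is usually a user identifier (OIDC Core mentions an e-mail address or phone number), so that is worth stating, along with the fact that the hint is advisory. I would add a line such as ` * The value is sent in the URL query string and is only a hint: the OP may ignore it, and it is not proof of the user's identity.` before the `See {@link …}` line.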
@@ -125,7 +125,7 @@ export const generateAuthorizationUrl = async (
 * @param prompt - indicates to the OP which flow the user should see - eg login or registration
 * See https://openid.net/specs/openid-connect-prompt-create-1_0.html#name-prompt-parameter
 * @param urlState - value to append to the opaque state identifier to uniquely identify the callback
- * @param loginHint - value to send as the `login_hint` to the OP, giving a hint about the login identifier the user might use to log in.
+ * @param loginHint - value to send as the `login_hint` to the OP, giving a hint about the login identifier the user might use to log in.
 * See {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest OIDC core 3.1.2.1}.
 * @returns a Promise with the url as a string
 */