Error: OAuth 2 parameters can only have a single value: hd

Question

Restricted the app to login using OAuth to one domain (say abc.com). Getting the error with the following steps:

Logged in with multiple accounts in a browser on google.
On trying to login with a user whose domain is not mentioned, nothing happens(no error message). Try to login with the invalid user twice.
Now try to login with a valid user.

On doing that the following error occurs:

OAuth 2 parameters can only have a single value: hd

In the error stack trace client id is visible. Is that a security risk?

How can this error be fixed?

I just implemented this functionality and am seeing the same message when I perform the same steps. Not a very user-friendly workflow — Nicholas Franceschina, Aug 20 '14 at 14:52
http://stackoverflow.com/questions/29694840/googles-openid-connect-says-oauth-2-parameters-can-only-have-a-single-value-c — Nicholas Franceschina, Jul 29 '15 at 21:17

score 1 · Answer 1 · edited Oct 07 '21 at 12:12

According to documentation the hd parameter is for G Suite, so you are probably repeating the hd parameter, one with the hd=* and the other with your hosted domain(s). Also states that you should not rely in this UI optimization to control access to your app.

In the error stack trace client id is visible. Is that a security risk?

None. It is not a secret. It is use for debugging purpose.

How can this error be fixed?

Try to replace the param hd instead of just add a new one. In general, this should be done with every param of your request. Also the OAuth2 documentation states an invalid_request error when you repeat a parameter.

Error: OAuth 2 parameters can only have a single value: hd

1 Answers1