We’re currently facing an issue with one of our customers involving our Google Classroom integration. After creating an attachment through the integration, students from this customer are unable to access it. It appears that Google Classroom is not appending the login_hint query parameter, which is causing issues on our side.
According to the official documentation, the login_hint should be included if the user has granted the required scopes. However, for this particular customer, the parameter seems to be missing entirely.
We’ve been trying to replicate the issue in our sandbox by removing scopes or adjusting configuration settings in the Admin panel, but without success so far. We suspect there may be an admin-level setting that’s limiting the scope, as the issue only affects this one customer—everything is working as expected for others.
Has anyone encountered a similar issue or found a workaround? Any insights or suggestions would be greatly appreciated.
The login_hint parameter in Google Classroom deep links is populated only when the user’s session context is known and the OAuth request includes the necessary identity scopes, typically openid or email in addition to the Classroom scopes. If it’s missing for a specific domain, it can be due to the customer’s Google Workspace admin restricting profile or identity sharing via Context-Aware Access or OAuth app access control.
I’d suggest checking in the affected customer’s Admin console under Security > API controls > Manage Third-Party App Access to confirm your integration is trusted and allowed to access the identity scopes. Also verify that the OAuth consent screen for your project lists these scopes and that the app is authorized for all users in that domain. If the domain enforces SSO or has custom login flows, those can strip the login_hint, so testing with a direct OAuth flow from your app in that tenant can confirm whether the parameter is being set before Classroom generates the link.