Take 2 on f74d6bb605.

New options are left out by default when not configured so that an
incorrect default configuration doesn't blow up google oauth for
everyone.

lib/auth/google_oauth2_authenticator.rb

@@ -51,15 +51,25 @@ class Auth::GoogleOAuth2Authenticator < Auth::Authenticator
   end
 
   def register_middleware(omniauth)
+    options = {
+      setup: lambda { |env|
+        strategy = env["omniauth.strategy"]
+         strategy.options[:client_id] = SiteSetting.google_oauth2_client_id
+         strategy.options[:client_secret] = SiteSetting.google_oauth2_client_secret
+      },
+      skip_jwt: true
+    }
+
+    if (google_oauth2_prompt = SiteSetting.google_oauth2_prompt).present?
+      options[:prompt] = google_oauth2_prompt.gsub("|", " ")
+    end
+
+    google_oauth2_hd = SiteSetting.google_oauth2_hd
+    options[:hd] = google_oauth2_hd if google_oauth2_hd.present?
+
     # jwt encoding is causing auth to fail in quite a few conditions
     # skipping
-    omniauth.provider :google_oauth2,
-           setup: lambda { |env|
-             strategy = env["omniauth.strategy"]
-              strategy.options[:client_id] = SiteSetting.google_oauth2_client_id
-              strategy.options[:client_secret] = SiteSetting.google_oauth2_client_secret
-           },
-           skip_jwt: true
+    omniauth.provider :google_oauth2, options
   end
 
   protected