in pan-domain-auth-play/src/main/scala/com/gu/pandomainauth/service/OAuth.scala [54:65]
def redirectToOAuthProvider(antiForgeryToken: String, email: Option[String] = None)
(implicit context: ExecutionContext): Future[Result] = {
val queryString: Map[String, Seq[String]] = Map(
"client_id" -> Seq(config.clientId),
"response_type" -> Seq("code"),
"scope" -> Seq("openid email profile"),
"redirect_uri" -> Seq(redirectUrl),
"state" -> Seq(antiForgeryToken)
) ++ email.map("login_hint" -> Seq(_)) ++ config.organizationDomain.map("hd" -> Seq(_))
discoveryDocument.map(dd => Redirect(s"${dd.authorization_endpoint}", queryString))
}