in play-v30/src/main/scala/com/gu/googleauth/auth.scala [205:220]
def redirectToGoogle(config: GoogleAuthConfig, sessionId: String)
(implicit request: RequestHeader, context: ExecutionContext, ws: WSClient): Future[Result] = {
val userIdentity = UserIdentity.fromRequest(request)
val queryString: Map[String, Seq[String]] = Map(
"client_id" -> Seq(config.clientId),
"response_type" -> Seq("code"),
"scope" -> Seq("openid email profile"),
"redirect_uri" -> Seq(config.redirectUrl),
"state" -> Seq(config.antiForgeryChecker.generateToken(sessionId))) ++
hdParameter(config.domains).map(domain => "hd" -> Seq(domain)) ++
config.maxAuthAge.map(age => "max_auth_age" -> Seq(s"${age.toSeconds}")) ++
config.prompt.map(prompt => "prompt" -> Seq(prompt)) ++
userIdentity.map(_.email).map("login_hint" -> Seq(_))
discoveryDocument().map(dd => Redirect(s"${dd.authorization_endpoint}", queryString))
}