Very low risk of anything bad here since we use a random port and the
chance of a CSRF attack is tiny, but this is a best practie to do when
using OAuth.
Since embedded browsers are no longer allowed to log into Google from the chat
dock is effectively read-only.
To prevent users from even trying to log in the input field is hidden
via custom CSS.