If a user attempts google authentication, but picks the incorrect domain confidant should redirect the user to an error page and log them out. Currently it just sends back 403s and gives them the interface, which is quite confusing.

@ryan-lane are you working on this one?

Haven't looked at it in a while. Were you wanting to work on it?