lorenzodee/spring-security-oauth2-google

Authorising users from a specific domain name

Opened this issue · 6 comments

I cloned your project and it worked like a charm. I just want to know how I can limit access to the APIs to users from a specific domain only. Suppose I have two email IDs, abc@abc.com and abc@xyz.com. I want to allow all people with an email ID ending in xyz.com to access the resources and restrict all others. How can I achieve this?

In the user authorization URI, you can try adding the "hd" (host domain) query parameter. For example:

https://accounts.google.com/o/oauth2/v2/auth?hd=orangeandbronze.com

Note that this only gives the authorization server a hint. It allows the UI that prompts the user for permission to use the given host domain. But it will still allow users from other domains. So, the code will still need to check.

If this answers your question, we can close.

Okay, that sounds like a display filter. We are just telling the user that they should use this, but we are not enforcing it. Can you tell me where I can put the if condition to split the email ID and check whether the domain equals xyz.com? If the domain name matches, we allow them to go forward; otherwise we redirect them to the SSO login page again to log in with an account that has the domain xyz.com.

Thanks for the fantastic blog post @lorenzodee . I have exactly the same issue / question. Any help would be gratefully received.

@aqua-regia - did you manage to find a solution?

Thanks.

@aqua-regia I think I've found a solution. The GoogleUserInfoTokenServices class can have an AuthoritiesExtractor. There is one in there (commented out).
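As an added example of such an extractor (not the project's code and not @joeltoby's implementation; the class name, the allowed domain value, and wiring it in through `setAuthoritiesExtractor` on the token services are assumptions): it enforces Google's verified `hd` claim rather than only a suffix check on the email string, and rejects by throwing an `AuthenticationException`, which the OAuth2 client filter turns into a failed login.

```java
import java.util.List;
import java.util.Map;

import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

/**
 * Rejects any Google account that is not managed by the allowed Google Workspace
 * (formerly G Suite) domain. UserInfoTokenServices calls this after fetching the
 * userinfo document, so the map holds claims that Google has already verified.
 * Wire it with userInfoTokenServices.setAuthoritiesExtractor(new ...) (assumed).
 */
public class DomainRestrictingAuthoritiesExtractor implements AuthoritiesExtractor {

    private final String allowedDomain; // e.g. "xyz.com" (placeholder value)

    public DomainRestrictingAuthoritiesExtractor(String allowedDomain) {
        this.allowedDomain = allowedDomain.toLowerCase();
    }

    @Override
    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
        // "hd" is only present for accounts managed by a Workspace domain and is
        // asserted by Google itself. A consumer Google account may be registered
        // with any email address, including one ending in the allowed domain, so
        // checking the "email" suffix alone would let such accounts through.
        Object hd = map.get("hd");
        if (hd == null || !allowedDomain.equalsIgnoreCase(hd.toString())) {
            throw new BadCredentialsException(
                    "Google account is not managed by domain " + allowedDomain);
        }

        // Defence in depth: the email must be verified (v2 userinfo uses
        // "verified_email", v3/OpenID uses "email_verified") and match the domain.
        Object email = map.get("email");
        boolean verified = Boolean.TRUE.equals(map.get("email_verified"))
                || Boolean.TRUE.equals(map.get("verified_email"));
        if (email == null || !verified
                || !email.toString().toLowerCase().endsWith("@" + allowedDomain)) {
            throw new BadCredentialsException("Unverified or foreign email address");
        }

        // Everyone who passes the domain check gets the same application role.
        return AuthorityUtils.createAuthorityList("ROLE_USER");
    }
}
```

Because the exception is raised during token-services authentication, the failure handler of the OAuth2 client filter runs and the user is sent back to the login flow, which is the behaviour asked for above.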

@joeltoby Can you show me your implementation? Due to some problems, I haven't been able to dig further into the problem, but I still have to solve it some day or other.

Any code example?