Is there a way to limit user login/creation based on DOMAIN

  • Resolved doyenwilliams

    (@doyenwilliams)


    1 year ago

    My client has a domain running Google Workspace and we want to use this plugin.

    This issue is – if we do, currently anyone with any Google-powered email address would be able to register and log in to the site.

    Is there a way to limit to our specific Google-powered domain?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter doyenwilliams

    (@doyenwilliams)

    …found the solution.

    This setting is NOT in the plugin itself, but within the OAuth settings you will need to create when creating the intermediary Google app that processes the authentication request.

    Plugin Support Robert

    (@robertnextendweb)

    In case anyone meets the same problem:

    You can set the user type to “Internal” in your Google App on the OAuth Consent Screen. In such a case, Google itself will not allow authentication.

    If it is needed to extend this email domain limitation to other providers, then that can be achieved with custom coding, as seen here:
    https://nextendweb.com/nextend-social-login-docs/backend-developer/#prevent-registration
    In the above example certain domains are blocked, so instead of that the logic needs to be reversed, to only allow certain domains. However, please note that we cannot help with custom coding.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Is there a way to limit user login/creation based on DOMAIN’ is closed to new replies.