CODEWITHSUNDEEP
meteorgoogle-oauth
kennysong
kennysong

Reputation: 2134

Limit Meteor.js built-in Google authentication to a domain

I'd like to use the Meteor.loginWithGoogle() tool to authenticate users, but is there any way to limit it to a specific (Google Apps) domain?

I could check after the user is authenticated using the returned email, but is there a way to do this at the login stage with some parameter for Google login?

Upvotes: 8

Views: 1247

Answers (2)

Ed Myers
Ed Myers

Reputation: 11

If you want to only allow certain users from your domain, you could also add a whitelist collection that defines user ids from your Google Apps account. This way you can restrict access to only certain users, get single sign-on functionality, and can pre-set user roles and properties for your app before users even create their accounts.

Use the Accounts.onCreateUser(function(options, user){}) callback for that since it allows you to define additional user properties.

Upvotes: 1

ErikMejerHansen
ErikMejerHansen

Reputation: 141

I dont think its possible right now. There is a pull resquest to partly add that functionality: https://github.com/meteor/meteor/pull/1332 The issue with that pull request seems to be that it only fixes the client side of thinges (ie. it only shows accounts from the selected domain when the user logs in). But it does not add any server side checks.

Im using the following workaround: In a .js file in the sever folder I have the following code:

Accounts.validateNewUser(function (user) {
    if(user.services.google.email.match(/example\.org$/)) {
        return true;
    }
    throw new Meteor.Error(403, "You must sign in using a example.org account");
});

This prevents accounts from being made for domains different from example.org.

Upvotes: 9

Related Questions