指定域名白名单仍然允许其他人使用python social auth和django进行身份验证 [英] Specifying whitelist of domain names still allows others to authenticate with python social auth and django

问题描述

我沿用了本教程： http://www.artandlogic.com/blog/2014/04/tutorial-adding-facebooktwittergoogle-authentication-to-a-django-application/ ，我对Google身份验证特别感兴趣。我已经成功地创建了演示网站，并且可以使用Google登录。

I'm following along this tutorial: http://www.artandlogic.com/blog/2014/04/tutorial-adding-facebooktwittergoogle-authentication-to-a-django-application/ and am specifically interested in the Google authentication. I have successfully been able to create the demo site, and am able to log in using Google.

阅读python social auth的文档，您应该可以指定白名单域名列表： http://python-social-auth.readthedocs.org/en/latest/configuration/settings.html#whitelists

Reading the documentation of python social auth, you should be able to specify a list of whitelist domains: http://python-social-auth.readthedocs.org/en/latest/configuration/settings.html#whitelists

在设置中放置 SOCIAL_AUTH_GOOGLE_WHITELISTED_DOMAINS = ['foo.com'] 时， py 我仍然可以使用我的标准Gmail帐户登录。你如何限制那些只能登录到 @ foo.com 电子邮件的用户？

When I place SOCIAL_AUTH_GOOGLE_WHITELISTED_DOMAINS = ['foo.com'] in settings.py I am still able to log in using my standard gmail account. How do you limit those who can log in to only those with a @foo.com email?

推荐答案

您的设置中的变量名称不正确，应为： SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS

Your variable name in settings is not correct, it should be: SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS

这篇关于指定域名白名单仍然允许其他人使用python social auth和django进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！