指定域名白名单仍然允许其他人使用python social auth和django进行身份验证 [英] Specifying whitelist of domain names still allows others to authenticate with python social auth and django
问题描述
我沿用了本教程: http://www.artandlogic.com/blog/2014/04/tutorial-adding-facebooktwittergoogle-authentication-to-a-django-application/ ,我对Google身份验证特别感兴趣。我已经成功地创建了演示网站,并且可以使用Google登录。
I'm following along this tutorial: http://www.artandlogic.com/blog/2014/04/tutorial-adding-facebooktwittergoogle-authentication-to-a-django-application/ and am specifically interested in the Google authentication. I have successfully been able to create the demo site, and am able to log in using Google.
阅读python social auth的文档,您应该可以指定白名单域名列表: http://python-social-auth.readthedocs.org/en/latest/configuration/settings.html#whitelists
Reading the documentation of python social auth, you should be able to specify a list of whitelist domains: http://python-social-auth.readthedocs.org/en/latest/configuration/settings.html#whitelists
在设置中放置
我仍然可以使用我的标准Gmail帐户登录。你如何限制那些只能登录到 SOCIAL_AUTH_GOOGLE_WHITELISTED_DOMAINS = ['foo.com']
时, py @ foo.com
电子邮件的用户?
When I place SOCIAL_AUTH_GOOGLE_WHITELISTED_DOMAINS = ['foo.com']
in settings.py
I am still able to log in using my standard gmail account. How do you limit those who can log in to only those with a @foo.com
email?
推荐答案
您的设置中的变量名称不正确,应为: SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS
Your variable name in settings is not correct, it should be: SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS
这篇关于指定域名白名单仍然允许其他人使用python social auth和django进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!