Oauth2 限制使用高清不工作的具有特定域名的电子邮件 [英] Oauth2 restrict to emails with specific domain name using hd not working

问题描述

我的应用程序通过在我的请求中的 hd 参数中指定 abc.com 来限制 Oauth2 登录到特定域，例如 abc.com.将使用 Google OAuth2.0 的登录电子邮件限制为特定域名 但由于过去几天它允许任何人Google 帐户登录.我确定我没有更改代码，甚至验证了结果 uri 在其 hd 参数中指定了我的域名，遵循此链接说明 https://developers.google.com/identity/protocols/OpenIDConnect#hd-param.谁能告诉我我在做什么错误的?这是我的代码

My app was restricting logins by Oauth2 to specific domain like abc.com by specifying abc.com in the hd parameter in my request .Restrict Login Email with Google OAuth2.0 to Specific Domain Name but since these past few days its allowing anyone with a Google account login.I am sure i didn't change the code and even verified the result uri has my domain name specified in its hd parameter following this link instruction https://developers.google.com/identity/protocols/OpenIDConnect#hd-param .so cany any one tell me what i am doing wrong? here is my code

     `redirect( uri : "https://accounts.google.com/o/oauth2/auth?" +
            "redirect_uri=${redirectUri}&" +
            "response_type=code&" +
            "client_id="${my_client_id}"& +
            "scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email" +
            "+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&" +
            "approval_prompt=auto&" +
            "hd=apposit.com")`

推荐答案

我不知道为什么会这样，但是您可以通过检查用户电子邮件是否包含 abc.com 使用 java 的 contains() 方法或 endsWith() 更可靠，然后您才允许用户在您的应用中进一步操作.

I dont know why this is happening,but you can add a second security mechanism besides hd by checking if the user email contains abc.com using java's contains() method or endsWith() which is more reliable before u allow the user to go any further in Your app.

但这仍然是一个快速解决方案，其他有解决方案的人应该回答这个问题

But still this is a quick fix and others with a solution should answer this question

这篇关于Oauth2 限制使用高清不工作的具有特定域名的电子邮件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！