OAuth2 restrict to emails with specific domain name using hd not working


Problem description


My app was restricting logins by OAuth2 to a specific domain like abc.com by specifying abc.com in the hd parameter in my request (Restrict Login Email with Google OAuth2.0 to Specific Domain Name), but for the past few days it has been allowing anyone with a Google account to log in. I am sure I didn't change the code, and I even verified that the result URI has my domain name specified in its hd parameter, following the instructions at https://developers.google.com/identity/protocols/OpenIDConnect#hd-param. So can anyone tell me what I am doing wrong? Here is my code:

```groovy
// Redirect to Google's authorization endpoint; hd is sent as a request parameter
redirect(uri: "https://accounts.google.com/o/oauth2/auth?" +
        "redirect_uri=${redirectUri}&" +
        "response_type=code&" +
        "client_id=${my_client_id}&" +
        "scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email" +
        "+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&" +
        "approval_prompt=auto&" +
        "hd=apposit.com")
```

Solution

I don't know why this is happening, but you can add a second security mechanism besides hd by checking if the user's email contains abc.com using Java's contains() method, or endsWith(), which is more reliable, before you allow the user to go any further in your app.

But still, this is a quick fix, and others with a solution should answer this question.
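
An added example, not part of the original answer: the server-side check the answer suggests, written in Java as an exact match on the part of the address after the last `@`, combined with the `hd` and `email_verified` claims of the Google ID token. It assumes the claims come from an ID token whose signature, issuer and audience your OIDC library has already validated; `DomainGate`, `isAllowed` and `domainOf` are hypothetical names and the sample claims are constructed.

```java
import java.util.Locale;
import java.util.Map;

public class DomainGate {
    // Domain taken from the hd value in the question's request.
    static final String ALLOWED_DOMAIN = "apposit.com";

    /**
     * Assumption: `claims` were parsed from an ID token that an OIDC library
     * already validated (signature, iss, aud, exp). The hd request parameter
     * only steers the account chooser, so the decision is made here.
     */
    static boolean isAllowed(Map<String, Object> claims) {
        Object hd = claims.get("hd");
        Object email = claims.get("email");
        if (!(hd instanceof String) || !(email instanceof String)) {
            return false; // consumer accounts carry no hd claim
        }
        if (!Boolean.TRUE.equals(claims.get("email_verified"))) {
            return false;
        }
        if (!ALLOWED_DOMAIN.equalsIgnoreCase((String) hd)) {
            return false;
        }
        // Exact comparison of the whole domain, not contains()/endsWith().
        return ALLOWED_DOMAIN.equals(domainOf((String) email));
    }

    /** Text after the last '@', lower-cased; null when the address is malformed. */
    static String domainOf(String email) {
        int at = email.lastIndexOf('@');
        if (at <= 0 || at == email.length() - 1) {
            return null;
        }
        return email.substring(at + 1).toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) {
        // Constructed sample claims, not real accounts.
        Map<String, Object> member = Map.of("hd", "apposit.com", "email", "dev@Apposit.com", "email_verified", true);
        Map<String, Object> consumer = Map.of("email", "someone@gmail.com", "email_verified", true);
        Map<String, Object> lookalike = Map.of("hd", "notapposit.com", "email", "x@notapposit.com", "email_verified", true);
        System.out.println("member allowed:    " + isAllowed(member));
        System.out.println("consumer allowed:  " + isAllowed(consumer));
        System.out.println("lookalike allowed: " + isAllowed(lookalike));
        // For comparison: a bare suffix test on the constructed lookalike address.
        System.out.println("endsWith matches lookalike: " + "x@notapposit.com".endsWith(ALLOWED_DOMAIN));
    }
}
```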
