将Google OAuth2.0的登录电子邮件限制为特定域名 [英] Restrict Login Email with Google OAuth2.0 to Specific Domain Name
问题描述
我似乎无法找到任何关于如何限制登录到我的Web应用程序(使用OAuth2.0和Google API)的文档来仅接受来自用户的身份验证请求,并且使用特定域名或域名。我想列入白名单而不是黑名单。
有没有人有关于如何做到这一点的建议,关于正式接受的方法的文档或简单,安全的文档解决办法吗?
为了记录,我不知道有关用户的任何信息,直到他们尝试通过Google的OAuth身份验证登录。所有我收到的是基本的用户信息和电子邮件。
所以我有一个答案给你。在oauth请求中,您可以添加hd = domain.com,它将限制身份验证给来自该域的用户(我不知道您是否可以执行多个域)。您可以找到记录在此处的hd参数
我在这里使用google api库: http://code.google .com / p / google-api-php-client / wiki / OAuth2 ,所以我不得不手动编辑/auth/apiOAuth2.php文件到这个:
< pre $
public function createAuthUrl($ scope){
$ params = array($ b $'response_type = code',$ b $''redirect_uri ='。urlencode($ urlencode($ scope),
'client_id ='。urlencode($ this-> clientId),
'scope ='。urlencode($ scope),
'access_type ='。 urlencode($ this-> accessType),
'approval_prompt ='。urlencode($ this-> approvalPrompt),
'hd = domain.com'
);
if(isset($ this-> state)){
$ params [] ='state ='。进行urlencode($这 - >状态);
}
$ params = implode('&',$ params);
返回self :: OAUTH2_AUTH_URL。 ?$ PARAMS;
}
编辑:
我仍然在研究这个应用程序,发现这可能是对这个问题更正确的答案。 https://developers.google.com/google-apps/profiles/
I can't seem to find any documentation on how to restrict the login to my web application (which uses OAuth2.0 and Google APIs) to only accept authentication requests from users with an email on a specific domain name or set of domain names. I would like to whitelist as opposed to blacklist.
Does anyone have suggestions on how to do this, documentation on the officially accepted method of doing so, or an easy, secure work around?
For the record, I do not know any info about the user until they attempt to log in through Google's OAuth authentication. All I receive back is the basic user info and email.
So I've got an answer for you. In the oauth request you can add "hd=domain.com" and it will restrict authentication to users from that domain (I don't know if you can do multiple domains). You can find hd parameter documented here
I'm using the google api libraries from here: http://code.google.com/p/google-api-php-client/wiki/OAuth2 so I had to manually edit the /auth/apiOAuth2.php file to this:
public function createAuthUrl($scope) {
$params = array(
'response_type=code',
'redirect_uri=' . urlencode($this->redirectUri),
'client_id=' . urlencode($this->clientId),
'scope=' . urlencode($scope),
'access_type=' . urlencode($this->accessType),
'approval_prompt=' . urlencode($this->approvalPrompt),
'hd=domain.com'
);
if (isset($this->state)) {
$params[] = 'state=' . urlencode($this->state);
}
$params = implode('&', $params);
return self::OAUTH2_AUTH_URL . "?$params";
}
Edit: I'm still working on this app and found this, which may be the more correct answer to this question. https://developers.google.com/google-apps/profiles/
这篇关于将Google OAuth2.0的登录电子邮件限制为特定域名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
