如何知道谷歌账户是否在谷歌应用程序域名下？ [英] How to know if a google account is under a google apps domain?

问题描述

我正在开发一款应用程序，允许用户将他们的云端硬盘文件分享给朋友。但是，Google App帐户存在问题，例如 someone@somadomain.com ，其中的文件无法与不在该域下的用户共享。尽管共享策略可以由 somedomain.com 的管理员进行更改，但我不希望人们使用我的应用与Google Apps帐户。

我也检查了这篇文章：如何确定该帐户是否为Google应用帐户？。但我不同意检查域来检测帐户类型的想法。因为人们可以使用任何电子邮件地址注册Google帐户。我只在Hotmail上注册了一个， someone@hotmail.com ，共享文件时没有域名限制。

任何人都可以帮忙吗？谢谢！

解决方案

假设您包括：

  https://www.googleapis.com/auth/userinfo.email 
  

在您的OAuth范围，您可以提出请求：

  https://www.googleapis.com/oauth2/v2/userinfo 
  

如果是Google Apps帐户，则会返回hd参数（托管域？）与Google Apps域名的通话，因为它的价值。如果是消费者帐户，无论是@ gmail.com还是潜在的冲突帐户，都不会返回hd参数。看我下面的例子。 admin@jay.powerposters.org是一个Google Apps帐户，而consumer@jay.powerposters.org是一个消费者帐户。如果我在Google Apps域中创建了一个消费者用户，它将成为一个冲突帐户，而消费者帐户将被推出@ jay.powerposters.org命名空间，但尚未发生。

对于admin@jay.powerposters.org：
$ b

  GET https://www.googleapis.com / oauth2 / v2 / userinfo 
 
 HTTP / 1.1 200 OK 
内容长度：99 
 X-xss-protection：1; mode = block 
 ... 
 
 {
email：admin@jay.powerposters.org，
verified_email：true，
hd：jay.powerposters.org
} 
  

对于消费者@ jay .powerposters.org：

  GET https://www.googleapis.com/oauth2/v2/userinfo 
 
 HTTP / 1.1 200 OK 
内容长度：71 
 X-xss-protection：1; mode = block 
 
 {
email：consumer@jay.powerposters.org，
verified_email：true 
} 
  




I am working on an app that allows user to share their Drive files to friends. But there is a problem of Google App Account, like someone@somadomain.com, of which files cannot be shared with people who are not under that domain. Although the share policy can be changed by admin of somedomain.com, but I prefer not allowing people use my app with Google Apps Account.

I also check this post: How to determine if the account is a Google apps account?. But I don't agree with the idea of checking domain to detect account type. Because people can register Google Account with any email address. I just registered one with my Hotmail, someone@hotmail.com, which has no domain restriction when sharing a file.

Can anyone help with this? Thanks!

解决方案

Assuming you included:

https://www.googleapis.com/auth/userinfo.email

in your OAuth scopes, you can make a request to:

https://www.googleapis.com/oauth2/v2/userinfo

If it's a Google Apps account, an "hd" parameter (Hosted Domain?) will be returned by the call with the Google Apps domain as it's value. If it's a consumer account, whether it's @gmail.com or even a potential "conflicting account", the hd parameter will not be returned. See my example below. admin@jay.powerposters.org is a Google Apps Account while consumer@jay.powerposters.org is a consumer account. If I created a consumer user in the Google Apps domain it wouuld become a conflicting account and the consumer account would be pushed out of the @jay.powerposters.org namespace but that hasn't happened yet.

For admin@jay.powerposters.org:

GET https://www.googleapis.com/oauth2/v2/userinfo

HTTP/1.1 200 OK
Content-length: 99
X-xss-protection: 1; mode=block
...

{
 "email": "admin@jay.powerposters.org",
 "verified_email": true,
 "hd": "jay.powerposters.org"
}

For consumer@jay.powerposters.org:

GET https://www.googleapis.com/oauth2/v2/userinfo

HTTP/1.1 200 OK
Content-length: 71
X-xss-protection: 1; mode=block

{
 "email": "consumer@jay.powerposters.org",
 "verified_email": true
}

这篇关于如何知道谷歌账户是否在谷歌应用程序域名下？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！