Description
What happened?
The configuration parameter "allowedDomains" is not respected when users register or login with social login (example: Google).
A list specifying allowed email domains for registration.
My configuration:
registration:
socialLogins: ['google']
allowedDomains:
- "mydomain.com"
The overall configuration seems to work as I can register and login with users who are on a Google Workspace domain of mydomain.com, yet also other users who happen to have a google account (different domain, or gmail.com) can still register and login.
According to api/server/middleware/checkDomainAllowed.js, there is code that
Checks the domain's social login is allowed
Happy to look into providing a PR once confirmed that it is not a mere misunderstanding/misconfiguration on my side.
Version Information
ghcr.io/danny-avila/librechat-dev-api latest d536c685a0df 14 hours ago 1.19GB
Steps to Reproduce
- Configure social login via Google and limit to a specific domain (allowedDomains) different from gmail.com
- Start LibreChat and see that registration works with your allowedDomain, but also with any other domain that is part of the Google-universe (e.g. gmail.com)
What browsers are you seeing the problem on?
Chrome
Relevant log output
There are neither error logs or debug logs available that are related to the issue.Screenshots
No response
Code of Conduct
- I agree to follow this project's Code of Conduct