New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: Restrict user registration to a specific group/other criteria #31
Comments
In the upcoming release for additional login providers (such as OpenID Connect, Facebook, Google and Twitter) we will have an option to allow registration using one of these providers. This means that if you enable Google login for example, you will have the option of allowing automatic registration of a user for a particular application. So a user comes to your application and chooses to login via Google, a successful login would cause FusionAuth to create the user and register the user for the Application automatically. In general we think people will want this enabled by default, but you will have the option to turn this off by application and by identity provider. In this configuration you would have to manually register the user for an application before they would be allowed to log in using an external provider. We have also discussed allowing this type of behavior for native FusionAuth login. We would think of this as anonymous registration. This way you could build a single page web application with login and registration without requiring an API key to call FusionAuth. Would either of these ideas work for you? In the scenario you describe where a user that is on a list or a member of a group for example is then allowed to register (subscribe) to an application, would you still be using an API key - but you want the list of users enforced in FusionAuth? Or are you thinking that if the criteria is met for a user to register (subscribe) this can be done without an API key or other form of API authentication. In this second case, the criteria simply removes the requirement to authenticate the API request. |
In version If there is a use case that the new domain blocking feature in version Thanks! |
How to restrict registration by email domain ? I seen "Blocked domains" in the Tenant Security settings but I would like to deny all domains except some client domains |
@feraudet the feature Daniel mentions is documented here: https://fusionauth.io/docs/v1/tech/advanced-threat-detection/#registration-domain-blocking
You might want to consider a registration transactional webhook which could examine the domain provided by a user and fail if it didn't match a list. |
We would like to restrict the registration to an app to a list of users
So far, the only parameter I could see is the group.
We have segmented our users to different groups, and we would like to allow app registrations to a specific group.
Describe the solution you'd like
we would like to have a parameters (group or another one?) to say something like « User 1 can subscribe to the app A only if he belongs to a specific list, User 2 can only subscribe to app B and c, etc »
Describe alternatives you've considered
right now we do this check from our code but it could be better to have this constraint in the product itself.
Does it make sense for you?
The text was updated successfully, but these errors were encountered: