This repository has been archived by the owner on Sep 21, 2023. It is now read-only.

Restrict access to google domain #274

Open
Thameemans opened this issue Dec 18, 2019 · 4 comments

Comments

@Thameemans

We need to allow access only with the work email ID; there is no need for the @gmail.com domain. How can we restrict it?

@charlesjavelona

charlesjavelona commented Dec 24, 2019

Upvote for this. @Thameemans, how did you end up working around this?
I tried adding the work email in scope=<name@work_email>, but it didn't work for me.

@charlesjavelona

charlesjavelona commented Jan 2, 2020

@Thameemans,

In the successCallback section, it says that to restrict emails that equate to the host, one must get the response token and then validate the token in an authenticated server.

What I did was, in the responseGoogle(response) {...} callback function, get response.Zi.id_token.

Then, do a GET request to https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${response.Zi.id_token}. If response.data.hd exists in the axios callback function, then allow the person to go further. Otherwise, reject them.

It still would be nice to have a feature where

```jsx
<GoogleLogin
  ...
  work_email={'work_email.com'}
/>
```

@lauri-suopera

@charlesjavelona @Thameemans you can use the hostedDomain prop on the element to limit what accounts are visible in the account selection screen. Note that this does not validate that the account belongs to the organization/domain, it merely prevents normal users from accidentally selecting a wrong account. You may still want to validate the token as described in the docs.

```jsx
<GoogleLogin
  ...
  hostedDomain={"example.com"}
/>
```

@ievgennaida

You should configure your CLIENT ID to accept only specific domains.
You can then check the received domain on the success but this is not enough.
You should pass a token to the backend and also check whether the domain is correct.

https://developers.google.com/identity/sign-in/web/backend-auth
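
The server-side check that the comments above point to, as an added example that is not part of the original thread or of the react-google-login project: it takes claims already returned by the tokeninfo endpoint (or by a verifying library) and accepts only tokens issued to this app for one specific hosted domain. `CLIENT_ID`, `ALLOWED_DOMAIN`, `checkWorkAccount` and the sample claim sets are constructed for illustration.

```javascript
// Added example: backend claim checks for a Google ID token.
// CLIENT_ID and ALLOWED_DOMAIN are placeholder values (assumptions).
const CLIENT_ID = "1234567890-example.apps.googleusercontent.com";
const ALLOWED_DOMAIN = "example.com";
const ISSUERS = ["accounts.google.com", "https://accounts.google.com"];

// `claims` is the JSON body from the tokeninfo endpoint (values arrive as
// strings) or the payload from a verifying library (numbers and booleans).
function checkWorkAccount(claims, nowSeconds = Math.floor(Date.now() / 1000)) {
  const errors = [];
  // The token must have been issued to this application, not another client.
  if (claims.aud !== CLIENT_ID) errors.push("aud does not match client ID");
  if (!ISSUERS.includes(claims.iss)) errors.push("unexpected issuer");
  const exp = Number(claims.exp);
  if (!Number.isFinite(exp) || exp <= nowSeconds) {
    errors.push("token expired or exp missing");
  }
  // Presence of hd alone is not enough: every hosted domain sets it.
  // Compare it with the one domain that is allowed.
  if (typeof claims.hd !== "string" ||
      claims.hd.toLowerCase() !== ALLOWED_DOMAIN) {
    errors.push("hd is not the allowed domain");
  }
  if (String(claims.email_verified) !== "true") {
    errors.push("email not verified");
  }
  return { ok: errors.length === 0, errors };
}

// Constructed sample claim sets (not real tokens).
const NOW = 1700000000;
const base = {
  aud: CLIENT_ID,
  iss: "https://accounts.google.com",
  exp: String(NOW + 3600),
  email_verified: "true",
};
const SAMPLES = {
  employee: { ...base, hd: "example.com", email: "alice@example.com" },
  otherTenant: { ...base, hd: "other-company.test", email: "bob@other-company.test" },
  consumer: { ...base, email: "carol@gmail.com" }, // consumer account: no hd
  otherApp: { ...base, aud: "some-other-client-id", hd: "example.com" },
  expired: { ...base, hd: "example.com", exp: String(NOW - 1) },
};

for (const [name, claims] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(checkWorkAccount(claims, NOW)));
}
```

The `otherTenant` sample carries an `hd` claim and is still rejected, which is the case a presence-only check on `hd` would let through.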
