-
I think that parameter isn't currently supported. I'll check it out and update the provider if needed.
-
From a quick search it seems maybe Google call this option We don't currently support it, but seems like a thing we would want to! Edit: Updated callback syntax for v3: As Google include an

```js
callbacks: {
  signIn: async (user, account, profile) => {
    if (account.provider === 'google' &&
        profile.verified_email === true &&
        profile.email.endsWith('@example.com')) {
      return Promise.resolve(true)
    } else {
      return Promise.resolve(false)
    }
  },
}
```
-
Thanks @iaincollins, I will implement the callback as it will help. It would be good if the
-
@arnodel as a workaround, and this is what I currently do, you can explicitly define your oauth credentials to be able to be used internally only. That way Google itself will take care of only allowing people / accounts from inside your domain.
-
@ndom91 Oh that's neat, thank you, I didn't know you could do that.
-
@ndom91 That's interesting - if I understand you correctly, I don't think I can use that though as the domain for this app is not the domain of our users' Gmail account.
-
@arnodel no, that's not necessary, it's only necessary that the account with which you created the Google developer console project and generated the OAuth token be a part of the users' Gmail domain. I just double checked, and I guess it's project-wide however, not on a key by key basis. So in the Google Dev Console, once you've selected your project, you can go to "OAuth Consent Screen" in the left menu. There you can select "Public" or "Internal" application. EDIT: Sorry, didn't mean to hijack this thread, obviously adding this option to next-auth would also be a good feature. Especially for other OAuth providers where this is not an option in their settings.
-
@ndom91 Thank you! That would be great if I can get it configured like this.
-
I can get it to work by passing custom

```js
const options = {
  providers: [
    Providers.Google({
      clientId: process.env.GOOGLE_ID,
      clientSecret: process.env.GOOGLE_SECRET,
      authorizationUrl:
        "https://accounts.google.com/o/oauth2/auth?response_type=code&hd=domain.com", // hosted domain is domain.com
    }),
  ],
};
```

Note for
-
It's great though, as it prevents users from inadvertently trying to sign in with an unauthorized account (as Google will narrow down the list of accounts to choose from).
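The `hd` query parameter discussed above only narrows Google's account chooser and can be changed by the client, so the allow/deny decision still has to be made server-side in the `signIn` callback. The following is an added example, not part of the thread and not next-auth's own code, that combines the verified-email and domain checks and compares the domain exactly. It assumes the profile passed to the callback may carry Google's `hd` claim; `ALLOWED_DOMAIN`, the helper names and the sample profiles are hypothetical.

```javascript
// Added example; not next-auth code. ALLOWED_DOMAIN and helper names are hypothetical.
const ALLOWED_DOMAIN = 'example.com'

// The thread shows both `verified_email` and `email_verified`; accept either
// field name, but only the boolean true (not the string "true").
function emailIsVerified(profile) {
  return profile.verified_email === true || profile.email_verified === true
}

// Part after the last '@', lower-cased; null for malformed input.
function emailDomain(email) {
  if (typeof email !== 'string') return null
  const at = email.lastIndexOf('@')
  if (at < 1 || at === email.length - 1) return null
  return email.slice(at + 1).toLowerCase()
}

// requireHd: also insist on a matching hosted-domain claim.
// Assumption: the profile handed to the callback carries Google's `hd` claim.
function isAllowedGoogleSignIn(account, profile, domain = ALLOWED_DOMAIN, requireHd = false) {
  if (!account || account.provider !== 'google' || !profile) return false
  if (!emailIsVerified(profile)) return false
  const want = domain.toLowerCase()
  if (emailDomain(profile.email) !== want) return false
  if (profile.hd === undefined) return !requireHd
  return typeof profile.hd === 'string' && profile.hd.toLowerCase() === want
}

// v3-style callback signature, as used earlier in the thread.
const callbacks = {
  signIn: async (user, account, profile) => isAllowedGoogleSignIn(account, profile),
}

// Constructed sample profiles (not real accounts).
const samples = [
  { email: 'alice@example.com', verified_email: true, hd: 'example.com' },
  { email: 'bob@example.com.other.test', email_verified: true },
  { email: 'carol@example.com', email_verified: false },
]
function decideSamples() {
  return samples.map((p) => isAllowedGoogleSignIn({ provider: 'google' }, p))
}
```
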
-
Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep it open. Thanks!
-
Maybe we can add my solution to the docs?
-
Would you be interested in opening a PR @ThewBear?
-
Add callback ./pages/api/auth/[...nextauth].ts file:
-
TypeScript error on: `const emailVerified = profile?.email_verified`
TypeScript error: `Property 'email_verified' does not exist on type 'Profile'.ts(2339)`
I do see the property in the documentation: What might I be missing?
-
@arnodel If I understood correctly, the requirements should help
-
OR
-
Hi there, I am trying to convert a project from v1 to v2. I have some difficulties with restricting the domain users can choose. In v1 I had in `next-auth.providers.js` the following.
The `hd` provider option only allowed users to sign in with an email in the `mydomain.com` domain. In v2 I don't know how to achieve that. I tried
But that has no effect. Is there a way to achieve this in v2? It's a very important feature for me.