replacing duo with google auth #3
Conversation
| */ | ||
| 'Google' => array( | ||
| 'client_id' => '', |
There was a problem hiding this comment.
Pick these from environment variables
|
@rishabhp Is there any way we can get list of google groups in the oauth scope? We'd want to limit app access to a specific google group. (say devs@razorpay). Alternatively, if that is not possible, we can drop the user-creation from here and only allow users with existing emails in the database to login. That way, registration is slow (you need to ask an admin), but logins are still fast and we get to limit access. |
|
@captn3m0 I'll read up on their oauth scopes entirely and let you know. |
ghost
| // - Belong to razorpay.com domain | ||
| // | ||
| // Then only we'll create a user entry in the system or check for one | ||
| if (!$result->verified_email || explode('@', $result->email)[1] !== $_ENV['company_domain']) return App::abort(404); |
There was a problem hiding this comment.
This is buggy. Email can have more than 1 @. Although gmail currently doesn't allow @ in the email address but since it's a third party service we shouldn't rely on them.
@captn3m0 @venkatvghub
I haven't removed any Duo (old auth) code. Will do once the new Google Auth works perfectly on production.
Also have created a
duo_masterbranch for duo code backup.