1

I'm creating a custom web app and I'm using Google sign in to authenticate. I would like for the Choose an account screen, to only allow the user to chose a G Suite account to login to my web app. I'm aware of passing the param hostedDomain with a single domain, array or an asterisk. When I use the asterisk as the value, the Choose an account screen display correctly, only showing accounts that are G Suite. The issue is that I get an error after selecting a G Suite Account.

Error: 'Account domain does not match hosted_domain specified by gapi.auth2.init.'

I don't want to specify which domain/domains that needs to be allowed. I want to allow all G Suite domains.

Is there such a thing? I feel like something like this shouldn't require too much. Currently, I'm thinking of just using the method getHostedDomain() after a successful login if that return null or undefined then the current email/profile is not a G Suite account so logged them out before getting further into the web app.

Thanks in advance.

Jeya Suriya Muthumari
  • 1,947
  • 3
  • 25
  • 47
Francisco
  • 11
  • 3
  • Can you allow Google OAuth accept everything, and then on your side reject logins with gmail.com, youtube.com, blogger.com (etc, all google properties with its own login) as the domain? Everything else should be a G Apps domain. That list of Google properties is a tricky part, but it should not be long, to my mind. – 9000 Apr 02 '20 at 05:57
  • 1
    Yes, that's basically what I stated if I understood your statement correctly. I can allow all users to login then after successful login check their account with method getHostedDomain to see if the user account is G Suite account since that method would return the hostedDomain on the account or undefined if the account is not a G Suite account. – Francisco Apr 02 '20 at 06:13

0 Answers0