是否可以只允许某些谷歌帐户登录?例如myname@mycompany.com是通过谷歌主机(他们实际上是谷歌帐户)。我只想要@mycompany能够登录的用户这可能吗?你用devise还是google api来做这个?
谢谢 :)
问问题
1550 次
1 回答
4
如果您使用的是omniauth-google-oauth2,您可以通过hd在初始化期间为选项提供值来完成域限制。
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'], {
scope: 'email, profile',
hd: 'mycompany.com'
}
end
也可以在处理回调的控制器中处理这个问题。您可以根据 中提供的值拒绝用户request.env["omniauth.auth"]。
class OmniauthCallbacksController < Devise::OmniauthCallbacksController
def google_oauth2
auth_details = request.env["omniauth.auth"]
if auth_details.info['email'].split("@")[1] == "yourdomain.com"
# do all the bits that come naturally in the callback controller
user = User.from_omniauth(request.env["omniauth.auth"])
if user.persisted?
flash.notice = "Signed in Through Google!"
sign_in_and_redirect user
else
session["devise.user_attributes"] = user.attributes
flash.notice = "You are almost Done! Please provide a password to finish setting up your account"
redirect_to new_user_registration_url
end
else
# This is where you turn away the poor souls who do not match your domain
render :text => "We're sorry, at this time we do not allow access to our app."
end
end
end
于 2013-09-17T22:25:37.823 回答