How to limit user login with google only on domains

[dattranvan22]

Hello,
I have connect nextcloud with google+. Now, I want just user account in my domains mail ( google suite) access to Login?How do this?
Thanks you !

[fuse]

This will definitely helps. Same issue here.

[fdcastel]

This is a very important setting. I don't want any Google user to access my Nextcloud system. Only my Google users.

Almost every social login out there has a feature like this ("allow only users from this domain").

I have no PHP experience. But looking at the HybridAuth documentation it seems to me this is already implemented in via the "hd" optional configuration in Google provider.

We just need a way to set this option now. 😉

[zorn-v]

I don't fully understand what means that hd auth param. Moreover, there is no such in official docs https://developers.google.com/identity/protocols/OAuth2WebServer

[zorn-v]

You can try paste something like

$config['authorize_url_parameters']['hd'] = 'https://ihavenoidea.com';

before this line for testing (I also don't know how to test it)

nextcloud-social-login/lib/Controller/LoginController.php

Line 107 in c0ab7db

return $this->auth(Provider::class.'\\'.ucfirst($provider), $config, $provider, 'OAuth');

[fdcastel]

Thank you @zorn-v ! It worked flawlessly. 👍

Adding "mydomain.com" to hd parameter makes Google login page to accept only users from @mydomain.com. (note: you must inform the domain part only. No protocols like "http://")

Please add a configuration for this. It would be immensely helpful for many other out there with the same problem.

[zorn-v]

Released in v1.11.0

[Dgo27]

If you log in with Google using the nextcloud android app (the official one), it is possible to use other domain. It's a bug and needs to be fixed.
Thank you!

[fdcastel]

@Dgo27 I just tested the Android app adding two different accounts from two different Nextcloud instances:

• one instance using simple user/pass authentication;
• and the other one using a Google account with restricted domain ("hd" parameter)

And everything worked just fine.

Using SocialLogin v1.11.0, Nextcloud v14.0.0, Android Nextcloud 3.3.0

Please try to upgrade everything to the latest version. If your problem persist, please open a new issue.

[dddmark]

About new setting - after turning off this option, I have not get a list of suggestions for selecting the input for user under which I am logged in.

[zorn-v]

Check v1.11.1

[dddmark]

Problem fixed, thanks!

[Dgo27]

Hi, I'm using SocialLogin v1.11.2, Nextcloud v14.0.4, Android Nextcloud 3.3.2 (they're all updated up to the last version)

As you can see on the attached pic, even if I've set a specific google domain, I can use other account domains without any problems. This is not true if I use an internet browser (no nextcloud app)

Best regards

[kmain4]

After configuring the social login Google domain, I can still sign in via the web portal.

[stratege1401]

@Dgo27 this is normal behaviors. You cannot have nextcloud color scheme modifying a google color scheme.

@Dgo27 @kmain4 also a normal behavior, as the google api might be offline , you can still use the password login.