How to limit Google social logins to specific emails?

I want to limit sign in using Google OAuth 2.0 only to specific emails, hence I have configured Auth0 Lock to redirect to a backend endpoint where I perform the token exchange.

What would the ideal flow look like to pass back the token result? Could I only do a redirect and pass it back using a query parameter? Is there a better way, as in, letting Auth0 Lock make a POST request where the result can be written back as a response?


For that scenario I would consider doing the restriction through rules. The user would authenticate with a social connection, but then the rule would detect that it’s a Google OAuth2 social user and check the email.

If the email does not meet your criteria the rule would fail the authentication process by returning an error to the callback function.

This way the client application would either immediately receive the successful authentication response or the error due to the email restriction; there would be no need for the custom flow you described.
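An added example of the rule described above (written for this thread, not code from Auth0 or the original answer): it checks the connection name, requires a verified email, and fails the login with an error passed to the callback when the address is not on the allowlist. The allowlist entries, the sample user/context objects and the `decide` helper are assumptions for illustration; inside Auth0 only the `restrictGoogleLogin` function would be pasted as the rule.

```javascript
// UnauthorizedError is a global in the Auth0 Rules sandbox; this shim only
// lets the example run outside Auth0 (e.g. in Node) and is not part of the rule.
const UnauthorizedError = (typeof globalThis.UnauthorizedError === 'function')
  ? globalThis.UnauthorizedError
  : class UnauthorizedError extends Error {};

// The rule: Auth0 calls it as function (user, context, callback).
function restrictGoogleLogin(user, context, callback) {
  // Assumed allowlist; in a real tenant this would come from rule configuration.
  const ALLOWED_EMAILS = ['alice@example.com', 'bob@example.com'];

  // Only apply the restriction to the Google OAuth2 social connection;
  // logins through other connections pass through untouched.
  if (context.connection !== 'google-oauth2') {
    return callback(null, user, context);
  }

  // A missing or unverified email never matches: comparing the string alone
  // would trust whatever address the identity provider happened to send.
  if (!user.email || user.email_verified !== true) {
    return callback(new UnauthorizedError('Google login requires a verified email.'));
  }

  // Normalise before comparing so "Alice@Example.com " matches the allowlist entry.
  const email = user.email.trim().toLowerCase();
  if (!ALLOWED_EMAILS.includes(email)) {
    return callback(new UnauthorizedError('This Google account is not permitted to sign in.'));
  }

  // Email is on the list: let the authentication continue unchanged.
  return callback(null, user, context);
}

// Stand-alone helper (not part of the rule): runs the rule against a
// constructed user/context pair and reports the decision.
function decide(email, emailVerified, connection) {
  let outcome;
  restrictGoogleLogin(
    { email, email_verified: emailVerified },
    { connection },
    (err) => { outcome = err ? { allowed: false, reason: err.message } : { allowed: true }; }
  );
  return outcome;
}
```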

This would work, but is there a way to submit that piece of code to a repository to version it? I haven’t seen any Auth0 providers for Terraform or Ansible. I would hate to have infrastructure that is not in code and cannot be auto-deployed.

Rules can be deployed automatically from a set of supported providers; see the deploy related extensions.