Block @gmail.com users from logging in or signing up with Google Login

Problem Statement

Is it possible to restrict the Google Social Login only to users with a specific domain, for example, “joe.user@okta.com”, and prevent every “@google.com” user from signing in or signing up?

In other words, is it possible to block “@gmail.com” users from signing up or logging in to the application?

Solution

It is possible to create an Action that determines the user’s email domain and denies access when that domain matches a blocked value. For example, if the domain matches ‘google.com’, that user can be denied access.

To achieve this behavior, it is necessary to create a Post-Login Action. Even though it is a “Post-Login” Action, the user won’t be logged in: the Action runs before tokens are issued. The Post-Login Action follows the flow shown in this diagram:

The user will start the login flow but once the Action is triggered, it will perform the required validations and stop the issuing of the Access Token. The outcome will be that the user will be unable to log in with those credentials.

When it comes to Google Login, it is worth noting that this same flow is used both to block users from logging in and to block them from signing up.

For signups, if using an Auth0 database connection, it is possible to use the Pre-Registration action flow to achieve the same result. However, if a user creates an account by signing up with Google (Google login), the correct flow is Post-Login.

The following example demonstrates how to block users whose email address belongs to a specific domain, such as “@gmail.com”. The code can be modified to address specific needs.

const onExecutePostLogin = async (event, api) => {
    // Some connections may not supply an email; guard against it and
    // normalise case so "Joe@GMAIL.com" is treated the same as "joe@gmail.com".
    const email = (event.user.email || '').toLowerCase();
    const userEmailDomain = email.split('@')[1];

    // Deny the login (and therefore the signup) when the domain is blocked.
    if (userEmailDomain === 'gmail.com') {
        api.access.deny('You are not allowed to access this resource');
    }
};
exports.onExecutePostLogin = onExecutePostLogin;
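The Action above hard-codes a single domain. The block below is an added example, not Auth0’s own code or the code from the article, that generalises the same check to a deny-list plus an optional allow-list (covering both halves of the problem statement: blocking “gmail.com” and restricting to “okta.com”). It assumes only the Action contract already shown on this page, `event.user.email` and `api.access.deny(reason)`; the domain lists, the `simulateLogin` helper and its fake `api` object are constructed for offline testing and are not part of the Auth0 runtime.

```javascript
// Added example (not Auth0's code). Assumes the Post-Login Action contract
// used on this page: `event.user.email` and `api.access.deny(reason)`.

// Constructed sample policy: domains that are never admitted ...
const BLOCKED_DOMAINS = ['gmail.com', 'googlemail.com'];
// ... and, if non-empty, the only domains that are admitted.
const ALLOWED_DOMAINS = [];

// Return the lower-cased domain part of an email address, or null when the
// address is missing or malformed (no '@', empty local part or empty domain).
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const at = email.lastIndexOf('@');
  if (at <= 0 || at === email.length - 1) return null;
  return email.slice(at + 1).trim().toLowerCase();
}

// Decide whether an address may proceed. Returns null to allow, or a reason
// string to deny. Order matters: an unusable address is denied first, then the
// deny-list, then the allow-list (when one is configured).
function denialReason(email, blocked = BLOCKED_DOMAINS, allowed = ALLOWED_DOMAINS) {
  const domain = emailDomain(email);
  if (domain === null) return 'An email address is required to access this application';
  if (blocked.includes(domain)) return 'Accounts from this email domain are not permitted';
  if (allowed.length > 0 && !allowed.includes(domain)) {
    return 'Accounts from this email domain are not permitted';
  }
  return null;
}

// The Action handler, with the same signature as the example on this page.
const onExecutePostLogin = async (event, api) => {
  const reason = denialReason(event.user && event.user.email);
  if (reason !== null) {
    api.access.deny(reason);
  }
};
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed test harness: a minimal stand-in for the Auth0 `api` object.
// The handler calls api.access.deny before any await, so the decision is
// recorded synchronously and can be returned directly.
function simulateLogin(email, blocked = BLOCKED_DOMAINS, allowed = ALLOWED_DOMAINS) {
  const result = { denied: false, reason: null };
  const fakeApi = { access: { deny: (r) => { result.denied = true; result.reason = r; } } };
  const handler = async (event, api) => {
    const reason = denialReason(event.user && event.user.email, blocked, allowed);
    if (reason !== null) api.access.deny(reason);
  };
  handler({ user: { email } }, fakeApi);
  return result;
}

console.log(simulateLogin('joe.user@okta.com'));  // allowed
console.log(simulateLogin('Joe@GMAIL.com'));      // denied: blocked domain
console.log(simulateLogin(undefined));            // denied: no email available
```

Two points worth keeping in mind when adapting this: denying when no email is present is a deliberate fail-closed choice (the original snippet would instead throw on an undefined email, which also fails the login but with a less useful error), and the comparison is on the exact domain, so subdomains of a blocked domain are not covered unless they are listed explicitly.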

To create this Action:

  1. Log in to the Admin dashboard
  2. Navigate to Dashboard > Actions > Flows > Login
  3. Click “+” to the right of Add Action
  4. Click Build Custom from the drop-down list
  5. The Create Action box appears: assign a name, trigger type, and Node runtime
  6. Click Create to create the Action

Create a new Action

Once the new Action has been created, a code editor will be displayed, and the code for the Action can be defined.

Once the code is complete and ready to be tested, drag it to the Post-Login Action flow. It is now ready for execution.

References: