Overview
This article explains how to restrict access to pre-registered users when they log in through specific social connections (e.g., Google) using a Post-Login Trigger. The trigger validates each login against an external database: only users already registered there can log in through the targeted social connection, unregistered users on that connection are blocked, and logins through other connections are left untouched by the check.
Applies To
- Social Connections
- Post-Login Trigger
Solution
Use a Post-Login Trigger to verify that the user's email exists in an external database. If the email is not found, deny the login. This approach ensures that only pre-registered users can log in via the specified social connections.
Key Behavior:
- Allowed: Users whose emails are already registered in the external database can log in.
- Blocked: Users whose emails are not registered in the external database are denied login.
Code Sample:
exports.onExecutePostLogin = async (event, api) => {
  // Only enforce the check for the targeted social connection.
  if (event.connectionStrategy !== 'google-oauth2') {
    return; // Skip other connections
  }

  const userEmail = event.user.email;
  const userExists = await checkUserInDatabase(userEmail);

  // Deny the login when the email is not pre-registered.
  // First argument is the internal reason, second is the message shown to the user.
  if (!userExists) {
    api.access.deny("no_social_login", "Your social login is not allowed.");
  }
};

// Example function to check if the user exists in your database
async function checkUserInDatabase(email) {
  // Replace with actual database check logic (e.g., a query or HTTP call)
  const existingUsers = ['user@example.com', 'user2@example.com'];
  return existingUsers.includes(email);
}
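The following is an added, runnable example that is not part of the original article or of Auth0's own code. It wraps the same Post-Login handler shape in a small offline harness so the allowed, blocked and skipped outcomes can be exercised without a tenant. The in-memory registered-email set, the fake event and api objects, and the helpers normalizeEmail, makeFakeApi, runAction and demo are all constructed for this illustration. It also goes slightly beyond the article's sample in two ways that matter for an allow-list lookup: the address is normalized (trimmed and lower-cased) before comparison, and a login with a missing or unverified email (event.user.email_verified, which Auth0 populates from the provider) is treated as not registered rather than looked up.

```javascript
// Added example: an offline harness around a Post-Login Action handler.
// The "database", the fake event/api objects and the helper names below are
// constructed for illustration; only the handler signature and
// api.access.deny(reason, message) mirror the Auth0 Actions shape.

// Constructed stand-in for the external database of pre-registered users.
// Addresses are stored lower-cased so the lookup is case-insensitive.
const REGISTERED_EMAILS = new Set(['alice@example.com', 'bob@example.com']);

// Normalize an address before lookup so "Alice@Example.com" still matches.
function normalizeEmail(email) {
  return typeof email === 'string' ? email.trim().toLowerCase() : null;
}

// Async lookup standing in for a real DB or HTTP call. Returns true only for
// registered addresses; a missing or non-string email never matches.
async function checkUserInDatabase(email) {
  const key = normalizeEmail(email);
  return key !== null && REGISTERED_EMAILS.has(key);
}

// The handler, same shape as the article's sample, with two extra guards:
// the email must be present and must not be flagged as unverified.
async function onExecutePostLogin(event, api) {
  if (event.connectionStrategy !== 'google-oauth2') {
    return; // Other connections are not affected by this check
  }
  const email = event.user && event.user.email;
  // An absent or unverified address cannot be trusted for an allow-list check.
  if (!email || event.user.email_verified === false) {
    api.access.deny('no_social_login', 'Your social login is not allowed.');
    return;
  }
  const userExists = await checkUserInDatabase(email);
  if (!userExists) {
    api.access.deny('no_social_login', 'Your social login is not allowed.');
  }
}

// Constructed fake of the Action "api" object: records every deny() call.
function makeFakeApi() {
  const calls = [];
  return {
    calls,
    access: { deny: (reason, message) => calls.push({ reason, message }) },
  };
}

// Simulate one login and report its outcome as 'allowed', 'blocked' or 'skipped'.
async function runAction(connectionStrategy, user) {
  const api = makeFakeApi();
  await onExecutePostLogin({ connectionStrategy, user }, api);
  if (connectionStrategy !== 'google-oauth2') return 'skipped';
  return api.calls.length === 0 ? 'allowed' : 'blocked';
}

// Walk the outcomes the article describes plus the edge cases handled above.
async function demo() {
  const cases = [
    ['google-oauth2', { email: 'Alice@Example.com', email_verified: true }],
    ['google-oauth2', { email: 'mallory@example.com', email_verified: true }],
    ['google-oauth2', { email: 'bob@example.com', email_verified: false }],
    ['google-oauth2', {}],
    ['auth0', { email: 'mallory@example.com' }],
  ];
  const results = {};
  for (const [strategy, user] of cases) {
    results[`${strategy}:${user.email || '<none>'}`] = await runAction(strategy, user);
  }
  return results;
}

if (typeof module !== 'undefined') {
  module.exports = { onExecutePostLogin, checkUserInDatabase, runAction, demo };
}
if (typeof require !== 'undefined' && require.main === module) {
  demo().then((r) => console.log(r));
}
```

Running the file with Node prints one line per simulated login: the registered Google user is allowed regardless of letter case, the unregistered Google user and the unverified or email-less logins are blocked, and the database-connection login is skipped. In a real Action, replace checkUserInDatabase with the actual query and keep the deny message generic so it does not reveal which addresses are registered.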