Can I limit who can access using an IDP by whitelisting?

I currently have my app auth working using the Google IDP integration and it is working great. The only problem is, anyone can sign up. Now, although I can handle this on the backend, I was wondering if there is a way to limit who can use IDP from the Auth0 side.

The ideal setup would be one where I can add users' email addresses to allow them to log in with any IDP.

Hi @jackiegleason,

Can you confirm if you are using the Google Workspace Connection or the Google/Gmail Social Connection?

Thanks,

Mary Beth

Hello @jackiegleason,
To limit who can use IDP from the Auth0 side, you can add an additional step in your authentication flow. This can be done by implementing a rule to allow only specific email addresses to log in.

Here’s an example of how you might accomplish this:

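```javascript
// Auth0 rule: runs after the identity provider has authenticated the user.
function (user, context, callback) {
  // Addresses that are permitted to log in.
  const allowedEmails = [ 'user1@example.com', 'user2@example.com' ];
  if (allowedEmails.includes(user.email)) {
    // Email is on the list: continue the login.
    return callback(null, user, context);
  }
  // Any other email: fail the login.
  return callback(new UnauthorizedError('Access denied.'));
}
```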

This rule will check if the user’s email is in the allowed list and only permit access if it is.

Best Regards,
James Henry
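
Added example, not part of the original reply or Auth0's own code: since the goal is to accept any IDP, an allowlist keyed on email only means something when the provider has verified the address, so this variant of the rule also requires `email_verified` (a field of the Auth0 normalized user profile) and compares addresses case-insensitively. The function name `allowlistRule`, the `decide` helper, the local `UnauthorizedError` stand-in and the sample profiles are assumptions made so the block runs on its own under Node.js.

```javascript
// UnauthorizedError is a global in the Auth0 rules runtime; it is defined
// here only so this example runs stand-alone under Node.js.
class UnauthorizedError extends Error {}

// Constructed sample allowlist, stored in lowercase.
const ALLOWED_EMAILS = new Set(['user1@example.com', 'user2@example.com']);

// Same (user, context, callback) shape as the rule above; named so it can be called here.
function allowlistRule(user, context, callback) {
  // Assumption: addresses are compared case-insensitively.
  const email = typeof user.email === 'string' ? user.email.trim().toLowerCase() : '';

  // An address the identity provider has not verified proves nothing about
  // who is logging in, so it is rejected before the allowlist lookup.
  if (user.email_verified !== true || !ALLOWED_EMAILS.has(email)) {
    return callback(new UnauthorizedError('Access denied.'));
  }
  return callback(null, user, context);
}

// Hypothetical helper: runs the rule on a profile and reports the decision.
function decide(user) {
  let outcome = 'no callback';
  allowlistRule(user, {}, (err) => { outcome = err ? 'deny' : 'allow'; });
  return outcome;
}

// Constructed profiles covering the cases the checks are meant to separate.
const samples = [
  { email: 'user1@example.com', email_verified: true },
  { email: 'User1@Example.com', email_verified: true },
  { email: 'user1@example.com', email_verified: false },
  { email: 'stranger@example.com', email_verified: true },
  { email_verified: true },
];
for (const profile of samples) {
  console.log(JSON.stringify(profile), '->', decide(profile));
}
```

Only the first two constructed profiles are allowed; the unverified, unlisted and email-less profiles are all denied.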