Can I limit who can access using an IDP by whitelisting?

I currently have my app auth working using the Google IDP integration and it is working great. The only problem is, anyone can sign up. Now, although I can handle this on the backend, I was wondering if there is a way to limit who can use IDP from the Auth0 side.

The ideal setup would be one where I can add users' email addresses to allow them to log in with any IDP.

Hi @jackiegleason,

Can you confirm if you are using the Google Workspace Connection or the Google/Gmail Social Connection?

Thanks,

Mary Beth

Hello @jackiegleason,
To limit who can use IDP from the Auth0 side, you can add an additional step in your authentication flow. This can be done by implementing a rule to allow only specific email addresses to log in.

Here’s an example of how you might accomplish this:

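```javascript
function (user, context, callback) {
  // Email addresses that are permitted to log in
  const allowedEmails = [ 'user1@example.com', 'user2@example.com' ];
  if (allowedEmails.includes(user.email)) {
    // Email is on the list: continue the login
    return callback(null, user, context);
  }
  // Any other email: reject the login
  return callback(new UnauthorizedError('Access denied.'));
}
```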

This rule will check if the user’s email is in the allowed list and only permit access if it is.

Best Regards,
James Henry
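
A hardened variant of the rule in the answer above, as an added example that is not part of the original post and not Auth0's own code: it compares addresses case-insensitively, requires `email_verified`, and denies logins that carry no email at all. The function name `emailAllowlistRule` and the sample addresses are assumptions made for illustration.

```javascript
// Added example. Same (user, context, callback) signature as the rule above.
function emailAllowlistRule(user, context, callback) {
  // Constructed sample addresses; replace with the real allowlist.
  const allowedEmails = ['user1@example.com', 'user2@example.com'];

  // IdPs can return mixed-case or padded addresses, so normalize both sides.
  const normalize = (value) =>
    typeof value === 'string' ? value.trim().toLowerCase() : '';

  const allowed = new Set(allowedEmails.map(normalize));
  const email = normalize(user && user.email);

  // Decide why a login is refused so the reason can be logged for review.
  let reason = null;
  if (!email) {
    reason = 'no_email'; // some connections return no email claim
  } else if (user.email_verified !== true) {
    reason = 'email_not_verified'; // unverified address proves nothing
  } else if (!allowed.has(email)) {
    reason = 'not_on_allowlist';
  }

  if (reason === null) {
    return callback(null, user, context);
  }

  // Log the specific reason server-side; return only a generic message.
  console.log('allowlist deny: ' + reason);

  // UnauthorizedError is a global inside the Rules runtime; fall back to
  // Error so the function can also be exercised outside of it.
  const Denied =
    typeof UnauthorizedError === 'function' ? UnauthorizedError : Error;
  return callback(new Denied('Access denied.'));
}
```

Requiring `email_verified` matters because the allowlist is keyed on the address alone and applies to every connection, so an unverified address from any IDP would otherwise match.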
