
Email whitelist for Shiny server app

Hi, I am new to auth0 and am having a bit of trouble with setting up a rule to restrict the email domain of registered users. I am running a free Shiny Server on a DigitalOcean droplet and would like to restrict access to some of the Shiny apps that I have developed. I have R, Shiny, and auth0 set up and working. When I set up the email domain whitelist rule, all accounts with the whitelisted domain work as expected. However, those that fail seem to end up in an infinite loop. The “access denied” message is sent, but the page just keeps trying to load over and over. Obviously, I do not have this configured correctly. I have been messing with this for a couple of days now, and don’t have a clue. Any help would be appreciated. I would list configuration parameters, but I don’t even know which ones are relevant here (as I said, I’m pretty new to auth0).

Hello, @WeeBeasties. Welcome to our community.

Would you mind pasting the rule you have configured in your Auth0 tenant?

Regards,
Bruno Krebs

I’m pretty sure that the issue I had was with the R package that I was using to interface with auth0. I am pasting my rule below, but I have it more-or-less working now. The only issue I have at the moment is when a non-whitelisted domain is rejected. I just get dumped back to the login panel (no error message appears to say what went wrong). I was expecting the error message to appear as it does when the password used does not match.

==========================
function (user, context, callback) {

  // Access should only be granted to verified users.
  if (!user.email || !user.email_verified) {
    return callback(new UnauthorizedError('Access denied - you must have a verified email.'));
  }

  const whitelist = ['ferris.edu']; // authorized domains
  const userHasAccess = whitelist.some(
    function (domain) {
      // Compare only the part after the last '@', case-insensitively.
      const emailSplit = user.email.split('@');
      return emailSplit[emailSplit.length - 1].toLowerCase() === domain;
    });

  if (!userHasAccess) {
    return callback(new UnauthorizedError('Access denied - you must have a Ferris email.'));
  }

  return callback(null, user, context);
}
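The following harness is an added example, not part of the original post: it runs the rule above locally against constructed user profiles to show which addresses the domain check accepts and rejects. The names `emailDomainWhitelist` and `decide`, the stub `UnauthorizedError` class, and all sample addresses are assumptions made for the example.

```javascript
// Stand-in for the UnauthorizedError global that the Auth0 rules runtime
// provides (assumption: only the message matters for this harness).
class UnauthorizedError extends Error {}

// The rule from the post, given a name so the harness can call it.
function emailDomainWhitelist(user, context, callback) {
  if (!user.email || !user.email_verified) {
    return callback(new UnauthorizedError('Access denied - you must have a verified email.'));
  }
  const whitelist = ['ferris.edu']; // authorized domains
  const userHasAccess = whitelist.some(function (domain) {
    const emailSplit = user.email.split('@');
    return emailSplit[emailSplit.length - 1].toLowerCase() === domain;
  });
  if (!userHasAccess) {
    return callback(new UnauthorizedError('Access denied - you must have a Ferris email.'));
  }
  return callback(null, user, context);
}

// Hypothetical helper: run the rule once and report the outcome as a string.
// The rule invokes its callback synchronously, so `outcome` is set on return.
function decide(user) {
  let outcome;
  emailDomainWhitelist(user, {}, function (err) {
    outcome = err ? 'denied: ' + err.message : 'allowed';
  });
  return outcome;
}

// Constructed profiles covering the edge cases of the domain comparison.
const cases = [
  { email: 'student@ferris.edu', email_verified: true },             // exact match
  { email: 'Student@FERRIS.EDU', email_verified: true },             // domain is lowercased
  { email: 'student@ferris.edu', email_verified: false },            // unverified address
  { email: 'student@notferris.edu', email_verified: true },          // lookalike prefix
  { email: 'student@ferris.edu.example.com', email_verified: true }, // lookalike suffix
  { email: 'student@mail.ferris.edu', email_verified: true },        // subdomain, not listed
  { email: 'ferris.edu@example.com', email_verified: true },         // domain in local part
];
for (const u of cases) {
  console.log(u.email, 'verified=' + u.email_verified, '->', decide(u));
}
```

Because the comparison is an exact match on everything after the last `@`, lookalike domains are rejected, and so are subdomains such as `mail.ferris.edu` unless they are added to the whitelist explicitly.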