Email Whitelist only for one app

Hello , I use a auth0 with social connection my application public, for the administration app , I want use the same scheme , but authorize only google et one domain email. I see the rule emailDomainWhitelist , but it"s possible to trigger the rule for the admin connection. Example add parameter in the auth0 client Javascript .


Hi @sebastien.nicouleau,

Welcome to the Community!

You can add a whitelist for a specific app by checking the application name in the rule:

function userWhitelistForSpecificApp(user, context, callback) {
  // only enforce for NameOfTheAppWithWhiteList
  // bypass this rule for all other apps
  if (context.clientName !== 'NameOfTheAppWithWhiteList') {
    return callback(null, user, context);

  const whitelist = ['', '']; //authorized domains
  const userHasAccess = whitelist.some(
      function (domain) {
        const emailSplit ='@');
        return emailSplit[emailSplit.length - 1].toLowerCase() === domain;

  if (!userHasAccess) {
    return callback(new UnauthorizedError('Access denied.'));

  return callback(null, user, context);

Hi Stephanie, thanks for your reply. But it’s not possible to pass any extra params from js librairie ?
Or I create a new application in my auth0 account , with a new specific domain.

If you have two separate apps (one public app and one admin app), then it’d be best to set up two separate applications in your Auth0 dashboard.

If it is the same application with two portals that are guarded by permissions, then you can use the same Auth0 application. If this is the case, then you can distinguish the two apps with a query param. In your app, you’d initiate auth with something like loginWithRedirect({admin: true}) (the syntax for this depends on which SDK you are using). In your rule, you can check for this query param like this:

  const query = (context.request || {}).query || {};
  const isAdmin = query.admin;
  if (isAdmin) {
    return callback(null, user, context);

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.