I have a web application for which I would like to enable users to sign up for and log in to.
I would only like specific users to be able to signup, and I would only like the users which have signed up to be able to log in.
Most (if not all) users will be signing up from a specific list of organization domains, e.g. org3.net, but I don’t want any user with an org3.net email to be able to sign up and log in.
In any case, I’d like the default behavior to be 401/403 (access denied).
Going forward, (ideally) I would like to manage one whitelist of user emails that get access to the app, and for their Roles to be set according to, e.g., domain. So for example, all users with the email @org3.net would get an “Org3 Member” Role, which gives the user an “orgmember” scope/permission or something similar, but no access to the app. Then I would manually give specific users more specific Roles that would grant them access to the app itself.
I’ve gone over several Q&As here, such as these:
- Filtered Social Login - #4 by jphunsley
- Prevent user creation (with hook?) if user is not whitelisted with rule - #5 by stephanie.chamblee
But all solutions seem overly complex for what I believe is a rather simple request. In the first question I linked above, “dan.woda” says “it sounds like you are dangerously close to RBAC. This certainly could solve the problem, and may be easier. It is kind of set up to do what you are requesting.” But it is unclear to me how RBAC alone solves the problem in my case.
Thanks for any help with this.
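The policy described in the post (default deny, an explicit allowlist of emails, a role derived from the email domain, and extra roles granted per user) can be written as one small decision function and then called from the login pipeline. The following is an added example, not code from the post or from Auth0. The allowlist entries, the domain-to-role table and the claim namespace `https://example.com/roles` are constructed sample values; the `onExecutePostLogin(event, api)` wrapper assumes the shape of an Auth0 post-login Action (`event.user.email`, `event.user.email_verified`, `api.access.deny`, `api.accessToken.setCustomClaim`) and is shown only to illustrate where the decision plugs in. The verified-email check is an addition beyond the post: social providers can hand back unverified addresses, so an allowlist keyed on email should only trust addresses the identity provider has verified.

```javascript
// Constructed sample policy (not from the original post).
// Only emails listed here may log in at all; the value is the list of
// app-specific roles granted by hand, on top of the automatic domain role.
const ALLOWED_USERS = {
  "alice@org3.net": ["App User"],
  "bob@org3.net": [],                    // may log in, but only gets the domain role
  "carol@partner.example": ["App Admin"],
};

// Domain -> role that every allowlisted user from that domain receives.
const DOMAIN_ROLES = {
  "org3.net": "Org3 Member",
};

// Lower-case and trim; reject anything without a local part and a domain.
function normalizeEmail(email) {
  if (typeof email !== "string") return null;
  const e = email.trim().toLowerCase();
  const at = e.lastIndexOf("@");
  if (at <= 0 || at === e.length - 1) return null;
  return e;
}

function domainOf(email) {
  return email.slice(email.lastIndexOf("@") + 1);
}

// Pure decision: returns { allowed, roles, reason }. Default is deny.
function evaluateAccess(rawEmail, emailVerified,
                        policy = { allowedUsers: ALLOWED_USERS, domainRoles: DOMAIN_ROLES }) {
  const email = normalizeEmail(rawEmail);
  if (!email) {
    return { allowed: false, roles: [], reason: "malformed or missing email" };
  }
  if (emailVerified !== true) {
    return { allowed: false, roles: [], reason: "email not verified" };
  }
  // hasOwnProperty guards against inherited keys being treated as entries.
  if (!Object.prototype.hasOwnProperty.call(policy.allowedUsers, email)) {
    return { allowed: false, roles: [], reason: "not on allowlist" };
  }
  const roles = [];
  const domainRole = policy.domainRoles[domainOf(email)];
  if (domainRole) roles.push(domainRole);
  for (const r of policy.allowedUsers[email]) {
    if (!roles.includes(r)) roles.push(r);
  }
  return { allowed: true, roles, reason: "ok" };
}

// Assumed Auth0 post-login Action wiring (illustration only). In a real Action
// this would be exported as `exports.onExecutePostLogin`. The reason for a
// denial stays server-side; the user only sees a generic message.
function onExecutePostLogin(event, api) {
  const decision = evaluateAccess(event.user.email, event.user.email_verified);
  if (!decision.allowed) {
    api.access.deny("Access denied.");
    return decision;
  }
  // Namespaced custom claim so the application can enforce roles itself.
  api.accessToken.setCustomClaim("https://example.com/roles", decision.roles);
  return decision;
}
```

Because `evaluateAccess` is a pure function, it can be unit-tested outside the identity provider, and the same table drives both "who may log in" and "which roles they get"; the application then decides which roles actually unlock features, which is what the post asks for with the "orgmember but no app access" case.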