问题
My app was restricting logins by Oauth2 to specific domain like abc.com by specifying abc.com in the hd parameter in my request .Restrict Login Email with Google OAuth2.0 to Specific Domain Name but since these past few days its allowing anyone with a Google account login.I am sure i didn't change the code and even verified the result uri has my domain name specified in its hd parameter following this link instruction https://developers.google.com/identity/protocols/OpenIDConnect#hd-param .so cany any one tell me what i am doing wrong? here is my code
`redirect( uri : "https://accounts.google.com/o/oauth2/auth?" +
"redirect_uri=${redirectUri}&" +
"response_type=code&" +
"client_id="${my_client_id}"& +
"scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email" +
"+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&" +
"approval_prompt=auto&" +
"hd=apposit.com")`
回答1:
I dont know why this is happening,but you can add a second security mechanism besides hd by checking if the user email contains abc.com using java's contains() method or endsWith() which is more reliable before u allow the user to go any further in Your app.
But still this is a quick fix and others with a solution should answer this question
来源:https://stackoverflow.com/questions/34220051/oauth2-restrict-to-emails-with-specific-domain-name-using-hd-not-working