It would be nice to allow only specific domains to log in via Google OAuth. 
This would prevent users from logging in with their personal Google 
accounts and force them to use their GSuite account. This would ensure that 
users are using their business email for tickets.


I've done this in Laravel before, but I am not proficient with Rails, so I 
have no idea where to begin.

At a high level it would involve:

   - A section in the admin panel to whitelist specific domains.
   - Sending the HD parameter 
   <https://developers.google.com/identity/protocols/OpenIDConnect#hd-param> to 
   Google with the OAuth request.
   - Validating the callback information on the server to verify that the 
   OAuth parameters were not tampered with.
   - An error displayed in the view if someone attempts to log in with a 
   non whitelisted domain.

Please feel free to point me in the direction of how to implement this.

P.S. Sorry for submitting a Github issue before posting here. I submitted 
the issue before I knew about this forum.

-- 
You received this message because you are subscribed to the Google Groups 
"zammad-core" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to zammad-core+unsubscr...@googlegroups.com.
To post to this group, send email to zammad-core@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/zammad-core/66b97701-8132-41c9-978e-f898fc9d013a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to