tags:

views:

10

answers:

1
Q: 

Restrict Google account logins to a specified Apps domain

How can I let users log in to my web app with their Google account, and verify that they logged in from a certain Google Apps domain?

Does the hd parameter to the Google Authorization service ensure that only the selected domain can be used to login?

Or can I get the logged in user's email and verify that it ends with "@domain.com"? This doesn't seem like such a good idea.

After login I also need to access the users' Google Contacts, which according to the documentation requires AuthSub proxy authentication.

A: 

It seems I can use the OpenID+OAuth Hybrid protocol to both identify the user and get an access token to the data APIs, as described in this blog post.

See this question for info about how to get the user's email using OpenID. I guess I can then verify that it ends with the correct domain name.

Christian Davén  2010-09-09 07:42:59

related questions

Smtp Config in asp.Net
How can we create our own google lab feature?
What is the unique ID (identifier) for a Google GData ContactEntry object?
Google Video API
Moving from IMAP gmail to Google Apps for domain
Setting up a no-reply email address with Google Apps
How do I login into Google Apps via a URL?
Google Apps Account to be used instead of Google Account for GAE application with a UserProperty
Connecting domain to google app engine without google apps.
Google Apps stops sending email every few days
Google Apps domain as OpenID provider
Storing data in Spreadsheet instead of any database
Sending email through a Google Apps account is working locally, but not on my web server...
JCE problem in Lotus Expeditor (IBM's custom Eclipse runtime)
Send Email via C# through Google Apps account
How do I send mail to my google apps mail server from the webserver with the same name (using sendmail)?
iPhone sending data to and retrieving data from Google Apps?
Bug tracking that works with Google Apps?
How do you delegate your OpenId to Google Apps
What is Google Apps?
Syncing Django users with Google Apps without monkeypatching
How do you query the set of Users in Google App Domain within your Google App Engine project?
How do I send up debian sendmail to use google Apps smtp to by pass ISP blocking smtp
Must issue a STARTTLS command first. Sending email with Java and Google Apps
Can I use Google Apps for domain Email and still use a "sendmail" server to send emails?