How to block log in for specific providers based on email domain?
My scenario:
I have google and microsoft social providers, and I also have some genericOAuth plugin providers for microsoft oauth for specific tenants so the autherisation screen can be skipped when they login.
My issue:
For users who have a genericOAuth, they should only be able to login using this. I have created a function which checks the email address domain to see if there are any restrictions on which provider they can use. This is to prevent a user creating a google account using their work email address then using the google account to sign in. I have tried to implement this using the before and after hooks, but for the social logins, the email address is not available as the user has not selected which email to use. When the after hook is run, the session has already been created so I can't block it.
I have also tried to use the customSession plugin to do something in there, but when using
The only method I have found is to use
Am I missing something?
Thanks
I have google and microsoft social providers, and I also have some genericOAuth plugin providers for microsoft oauth for specific tenants so the autherisation screen can be skipped when they login.
My issue:
For users who have a genericOAuth, they should only be able to login using this. I have created a function which checks the email address domain to see if there are any restrictions on which provider they can use. This is to prevent a user creating a google account using their work email address then using the google account to sign in. I have tried to implement this using the before and after hooks, but for the social logins, the email address is not available as the user has not selected which email to use. When the after hook is run, the session has already been created so I can't block it.
I have also tried to use the customSession plugin to do something in there, but when using
customSession(async ({ user, session }, ctx)The only method I have found is to use
customSessionuser.idproviderIdAm I missing something?
Thanks
