Better Auth•3w ago
Hozay

Enforce Email Domain Restriction on Google

How can I achieve this? I tried doing the example from the documentation (https://www.better-auth.com/docs/concepts/hooks#example-enforce-email-domain-restriction) but that did not work for my case. I am trying to restrict for only a specific domain "example.com" to be accepted to sign up. Thank you!
5 Replies
🌠kkMihai ⚡
can you show how you do it atm? and what do you mean by "did not work for my case"? explain what didn't work exactly
Hozay
HozayOP•3w ago
This is my code:
```ts
import { betterAuth } from "better-auth";
import { Pool } from "pg";
import { createAuthMiddleware, APIError } from "better-auth/api";
import { nextCookies } from "better-auth/next-js";
import { sendEmail } from "@/app/lib/email/send-email";

export const auth = betterAuth({
  database: new Pool({
    connectionString: `postgres://${process.env.POSTGRES_USER}:${process.env.POSTGRES_PASSWORD}@postgres-db:5432/${process.env.POSTGRES_DB}`,
  }),
  socialProviders: {
    google: {
      enabled: true,
      prompt: "select_account consent",
      accessType: "offline",
      clientId: process.env.GOOGLE_CLIENT_ID as string,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET as string,
    }
  },
  account: {
    accountLinking: {
      enabled: true
    }
  },
  emailVerification: {
    autoSignInAfterVerification: true,
    sendVerificationEmail: async ({ url, user }) => {
      await sendEmail(url, user);
    }
  },
  plugins: [
    nextCookies(),
  ],
  hooks: {
    after: createAuthMiddleware(async (ctx) => {
      const user = ctx.context.user;
      if (user?.email && !user.email.endsWith('@ucsc.edu')) {
        throw new APIError("FORBIDDEN", {
          message: 'Only @ucsc.edu email addresses are allowed'
        });
      }
    }),
  },
});
```
I created an after hook to check if it's a UCSC account, and a user was still able to create an account with Google. Google is the only Social Provider that I am using for this app. I also tried doing the before hook, but that still did not work. The if statement I used was
```ts
hooks: {
  before: createAuthMiddleware(async (ctx) => {
    if (ctx.path !== "/sign-up") {
      return;
    }
    if (!ctx.body?.email.endsWith("@ucsc.edu")) {
      throw new APIError("BAD_REQUEST", {
        message: "Email must end with @ucsc.edu",
      });
    }
  }),
},
```
🌠kkMihai ⚡
use a database hook and check before it creates the user https://www.better-auth.com/docs/concepts/database#1-before-hook
Hozay
HozayOP•2w ago
@🌠kkMihai ⚡ Exactly what I needed!!! Worked perfectly! Thank you so much for your help!
🌠kkMihai ⚡
happy to help
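
The database-hook approach suggested in the thread, as an added example (not code from the thread or from the Better Auth docs): the check runs on the user record just before it is inserted, so it covers Google sign-ups as well as email sign-ups. `ALLOWED_DOMAINS`, `emailDomain`, `isAllowedEmail` and `beforeUserCreate` are hypothetical names, and the wiring comment assumes Better Auth's `databaseHooks.user.create.before` option.

```typescript
// Added example: hypothetical helper names, not Better Auth's own code.
const ALLOWED_DOMAINS: string[] = ["ucsc.edu"];

// Returns the lower-cased domain of an address, or null if it is malformed.
function emailDomain(email: unknown): string | null {
  if (typeof email !== "string") return null;
  const trimmed = email.trim().toLowerCase();
  const at = trimmed.lastIndexOf("@");
  // Require exactly one "@" with a non-empty local part and a non-empty domain.
  if (at <= 0 || at !== trimmed.indexOf("@") || at === trimmed.length - 1) {
    return null;
  }
  return trimmed.slice(at + 1);
}

// Exact match on the whole domain, so "ucsc.edu.example.net" is rejected
// and a missing or non-string email is rejected instead of throwing.
function isAllowedEmail(email: unknown, allowed: string[] = ALLOWED_DOMAINS): boolean {
  const domain = emailDomain(email);
  return domain !== null && allowed.indexOf(domain) !== -1;
}

// Same shape as a `databaseHooks.user.create.before` callback: it receives the
// user record about to be inserted, whichever sign-up route produced it.
async function beforeUserCreate<T extends { email?: unknown }>(
  user: T
): Promise<{ data: T }> {
  if (!isAllowedEmail(user.email)) {
    // In a real config, throw APIError from "better-auth/api" here instead.
    throw new Error("Only @ucsc.edu email addresses are allowed");
  }
  return { data: user }; // continue with the unchanged record
}

// Wiring (assumed to sit inside the betterAuth({ ... }) options shown above):
//   databaseHooks: { user: { create: { before: beforeUserCreate } } },
```

Because the check sits at user creation, existing accounts from other domains are not affected by it and need a separate cleanup.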
