# [SOLVED] Validate on domain with OAuth login
I want to validate an email address on the domain before an account creation. I am using an organization-level OAuth from Microsoft, but I only want to allow users from paying organizations. I am using the OAuth sign-in option. Can I block the account creation based on the domain? The code to check it I already have, but I can't figure out the moment when to trigger it.
Why not validate before triggering the OAuth client side?
Can you put restrictions on the OAuth provider side?
Uhm, I don't know actually, but I have a table of active organizations in Appwrite.
So I want to connect that with the active list of organizations.
How to do that and force the login email through the OAuth?
I have something implemented now where I log out immediately after checking the organization, but then they have already authorized successfully. The user account is created in this case. That is kind of a problem and a security issue.
This relies on client-side logging out, which isn't reliable.
Maybe what you can do is set the user limit to 1 and then use a function to validate the email before creating an account. Then do the OAuth flow.
That won't make it easy for the user, because then you will use a magic link, for example, to log in, and then use the OAuth login. I could switch entirely to magic link, but there goes the secure OAuth method 😅
What do you mean, magic link? By validating email, I mean only creating the account if they're in whatever organization.
I think I don't understand the workflow you propose.
- User lands on sign up page
- User enters email
- App executes the function passing email
- Function gets the domain and checks if they paid
- If yes, function creates account
- App calls create OAuth2 session
- If no, return error
- App sees error and returns a message saying they need to pay
Okay, in this case they can give a dummy email, log in with OAuth with their real email, and pass the validation without paying?
No, because the only way the account can be created is via the function.
Oh, and what creation function do you recommend?
What?
Well, with the function you should create the account. But you need to set a password or something.
No, you don't need to set a password.
Ah sorry, I didn't know about the Users endpoint. But the Users endpoint can create users when the limit is on 1?
Yes, console account and API keys are not restricted by the limit. The limit is only client side.