OAuth2 login only with gmail domain

Hi all!

I have a strange scenario where I want to integrate nodered login using oauth2, but only for gmail users and not another google domain.

In the following code, I'm checking if the email address is from gmail and then filling in the empty array that is declared outside the "modules" block.
Then the array is used in the "users" block. But it is not working.

// declare the empty users arrays...
let users = [];

module.exports = {
//.....following code....

   adminAuth: {
        type: "strategy",
        strategy: {
            name: "google",
            label: 'Sign in with Google',
            icon: "fa-google",
            strategy: require("passport-google-oauth20").Strategy,
            options: {
                clientID: "xxxxxxxxx",
                clientSecret: "xxxxxxxxxxxxx",
                callbackURL: "http://localhost:1880/auth/strategy/callback",
                scope: ['profile', 'email'],

                verify: function (token, tokenSecret, profile, done) {
                    profile.username = profile.emails.find(x => x.verified).value;

                    const getUsernameEmail = profile.username;

                    console.log('Username:', getUsernameEmail);

                    if (getUsernameEmail.includes('@gmail.com')) {
                        console.log('The email address is from gmail.com');
                    }

                    if (!users.some(user => user.username === getUsernameEmail)) {
                        users.push({ username: getUsernameEmail, permissions: ["*"] });
                    }

                    console.log('Users array:', users);

                    return done(null, profile)
                }
            }
        },
        users: users
    }
}

The output is:

The email address is from gmail.com
Users array: [ { username: 'lalala@gmail.com', permissions: [ '*' ] } ]

Ok, but I have the following UI message:

What am I missing here?

If I hardcode the "users" block like this, it works fine.

users: [
             { username: 'lalala@gmail.com', permissions: ["*"] },
             { username: "usuario2@gmail.com", permissions: ["read"] }
         ]

The main goal is to only allow a certain domain.
Any other ideas on how to implement this?

Thanks a lot!

Hi @Marty1982

A bit of a guess on my part, but try removing the return keyword at the end of your verify function - just call done(....) without returning it

Hi @knolleary, thanks for the reply.

If I do that, the login screen goes blank, as if it were waiting for something to happen.
I could solve it by adding this block:

users: function (varName) {
    return new Promise(function (resolve) {
        resolve({ username: varName, permissions: "*" });
    })
}

This block logs in the @gmail.com user (without the profile picture :frowning: ) and works fine.

Either way... I will go for "hardcoded" users; I decided that is the best approach for now.

Maybe I'm thinking that Passport-google-oauth20 is not the best option to have and I should use another passport strategy....

Regards!
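
An added example, not code from the thread or from Node-RED: one way to enforce the domain restriction discussed above, with the same check in both the `verify` callback and a `users` function so that only verified addresses in an allowed domain are accepted. The helper names, the `ALLOWED_DOMAINS` set and the `"read"` permission are assumptions; the domain is compared exactly after the last `@` because `includes('@gmail.com')` also matches an address such as `x@gmail.com.example.org`.

```javascript
// Added example: domain gate for adminAuth with passport-google-oauth20.
const ALLOWED_DOMAINS = new Set(["gmail.com"]); // domain taken from the thread
// Assumption: least privilege. "*" (as in the thread) would give every
// account in the allowed domain full editor access.
const DOMAIN_PERMISSIONS = "read";

// Exact, case-insensitive match on the part after the last "@".
function isAllowedEmail(email) {
    if (typeof email !== "string") return false;
    const at = email.lastIndexOf("@");
    if (at < 1) return false;
    return ALLOWED_DOMAINS.has(email.slice(at + 1).toLowerCase());
}

// First address the identity provider marked as verified, or null.
function verifiedEmail(profile) {
    const list = (profile && profile.emails) || [];
    const hit = list.find(e => e && e.verified && typeof e.value === "string");
    return hit ? hit.value.toLowerCase() : null;
}

// Use as adminAuth.strategy.options.verify
function verify(accessToken, refreshToken, profile, done) {
    const email = verifiedEmail(profile);
    if (!isAllowedEmail(email)) {
        return done(null, false); // Passport convention: false = login failed
    }
    profile.username = email;
    return done(null, profile);
}

// Synchronous core of the user lookup: a user object, or null to reject.
function lookupUser(username) {
    return isAllowedEmail(username)
        ? { username: username.toLowerCase(), permissions: DOMAIN_PERMISSIONS }
        : null;
}

// Use as adminAuth.users (function form that resolves to a user or null)
function users(username) {
    return Promise.resolve(lookupUser(username));
}

// Constructed sample addresses, for illustration only.
for (const a of ["lalala@gmail.com", "x@gmail.com.example.org", "x@example.org"]) {
    console.log(a, "->", lookupUser(a));
}
```
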
