https://supertokens.com/ logo
#support-questions
Title
# support-questions
s

shivam51

06/22/2022, 4:46 AM
Is there a way to restrict google sign-ins only to a single domain? for organisations or school mails. I am using supertoken with NestJs and Vue.
r

rp

06/22/2022, 5:04 AM
Hey @shivam51 it is possible. I’ll get back in 30 mins or so
hey @shivam51
s

shivam51

06/22/2022, 5:42 AM
hi
r

rp

06/22/2022, 5:42 AM
You can do that by: - overriding the signinup recipe function in your recipe (I am assuming you are using ThirdParty recipe) to check the email's domain. - If the email domain doesn't match, you would return a FIELD_ERROR with custom message. Then on the frontend, you can check for this output and display the message
i can show you some code if you tell me which recipe
s

shivam51

06/22/2022, 5:44 AM
I blindly followed to docs. will check the recipe and get back to you in a minute
I am using a ThirdPartyEmailPassword.Google recipe if that's what you are asking
r

rp

06/22/2022, 5:47 AM
right
s

shivam51

06/22/2022, 5:47 AM
it would be great if you could show some code
r

rp

06/22/2022, 5:49 AM
Something like this:
Copy code
ThirdPartyEmailPassword.init({
    override: {
        functions: (oI) => {
            return {
                ...oI,
                thirdPartySignInUp: async function (input) {
                    let email = input.email;
                    if (!isEmailAllowed(email)) { // your custom email check
                        return {
                            status: "FIELD_ERROR",
                            message: "Email not allowed to sign up / in"
                        }
                    }
                    return oI.thirdPartySignInUp(input);
                }
            }
        }
    }
})
s

shivam51

06/22/2022, 7:30 AM
Copy code
js

export class SupertokensService {
  constructor(@Inject(ConfigInjectionToken) private config: AuthModuleConfig) {
    supertokens.init({
      appInfo: config.appInfo,
      supertokens: {
        connectionURI:
          'fooBar',
        apiKey: 'fooBar',
      },
      recipeList: [
        ThirdPartyEmailPassword.init({
            override: {
                functions: (oI) => {
                    return {
                        ...oI,
                        thirdPartySignInUp: async function (input) {
                            let email = input.email;
                            if (!isEmailAllowed(email)) { // your custom email check
                                return {
                                    status: "FIELD_ERROR",
                                    message: "Email not allowed to sign up / in"
                                }
                            }
                            return oI.thirdPartySignInUp(input);
                        }
                    }
                }
            },
          providers: [
            ThirdPartyEmailPassword.Google({
              clientId:
                'fooBar',
              clientSecret: 'fooBar',
            })
          ],
        }),
        Session.init(),
      ],
    });
  }
}
Hey @rp will it look something like this then?
r

rp

06/22/2022, 7:31 AM
yup
s

shivam51

06/22/2022, 7:36 AM
hey another question.
r

rp

06/22/2022, 7:37 AM
you need to do
email.id
s

shivam51

06/22/2022, 7:37 AM
this
email
stores the userId and if he is verified or not, for
isEmailAllowed
I would be needing the email itself right?
foo@bar.com one
r

rp

06/22/2022, 7:37 AM
email.id is the email ID. Not the user Id
s

shivam51

06/22/2022, 7:48 AM
@rp this works, thanks man!
just a nitpick its
error: "Email not allowed to sign up / in"
right?
not message
r

rp

06/22/2022, 7:49 AM
oh yea.
error is right
2 Views