You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@openmeetings.apache.org by "Maxim Solodovnik (JIRA)" <ji...@apache.org> on 2018/12/26 07:47:02 UTC

[jira] [Closed] (OPENMEETINGS-1881) OAuth - add "Strict to domain(s)" field

     [ https://issues.apache.org/jira/browse/OPENMEETINGS-1881?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Maxim Solodovnik closed OPENMEETINGS-1881.
------------------------------------------

> OAuth - add "Strict to domain(s)" field
> ---------------------------------------
>
>                 Key: OPENMEETINGS-1881
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1881
>             Project: Openmeetings
>          Issue Type: Improvement
>          Components: OAuth
>            Reporter: Leonid
>            Assignee: Maxim Solodovnik
>            Priority: Major
>
> It would be a good practice to add OAuth login strictly for specified domain (at least for those who use Google domain (G-Suite) service).
> As I've figured out, at this point everyone, who own any Google account (personal or company) can log in to the OM system.
> Actually, it would be a good-to-have-feature which can allow specify 1+ domain, which is allowed it's users to log into the OM.
> Here's the article (really old one), which might be useful for developers - [https://stackoverflow.com/questions/10858813/restrict-login-email-with-google-oauth2-0-to-specific-domain-name]
> P.S. I understand, that adding field for all kinds of OAuth services might be unacceptable, so it can be replaced as an external file with domains per-line, which will be parsed by Google OAuth script.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)