Authenticate user with a specific hosted domain (hd) in Flask with Oauth2

The hd parameter can be set by appending it to the auth_uri as follows

auth_uri = GOOGLE_AUTH_URIauth_uri = auth_uri + '?hd=' + 'example.com'auth_flow = OAuth2WebServerFlow(client_id=AUTH_CLIENT_ID,                            client_secret=AUTH_CLIENT_SECRET,                            scope=AUTH_PLUS_SCOPE,                            redirect_uri=AUTH_CALLBACK_URI,                            auth_uri=auth_uri,                            )

However in my experience the hd parameter does not restrict users with different email addresses from logging in. You should always validate the credentials.

def authenticate(code):    try:        credentials = _get_credentials(code)        if not credentials.id_token['email'].endswith('@example.com')            # abort(401)            raise Unauthorized()        user = User.get_or_create(credentials)        login_user(user)     except FlowExchangeError:        raise Unauthorized()

CodeHunter

Authenticate user with a specific hosted domain (hd) in Flask with Oauth2

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last