I have a Rails web application. I have simple user authentication with email and password. Now I need to add OAuth authentication with Google, but I need to allow only users that use Google Apps. Is there a best way to do it, or do I just need to check their domain and allow all except @gmail.com?
Note: I've already seen the documentation about specifying the hd URI parameter, but it works only for a specific domain, and I need any, but not @gmail.com.
Include email in your list of OAuth scopes. Then, in the token you get back, there will be a hd attribute if it's a Google Apps account. If the hd attribute is not present, it's a consumer account. Be aware that it's possible to create a consumer account that has an address of something other than @gmail.com or @googlemail.com. For example, I can create a consumer account with the address jsmith@yahoo.com or jsmith@acme.com as long as I can get email to those addresses. Thus the need to check hd instead of depending on the domain name.
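The check described in the answer above, as an added Ruby example that is not part of the original answer. It assumes `claims` is the payload of an ID token whose signature and expiry your OAuth/JWT library has already verified; the method name, client ID and sample claims are constructed for illustration.

```ruby
# Added example. Applies policy to ALREADY VERIFIED Google ID-token claims.
# It does not verify the token signature or expiry; do that first.

GOOGLE_ISSUERS = ['https://accounts.google.com', 'accounts.google.com'].freeze

# Hypothetical helper: returns :hosted_domain_account or a rejection reason.
def classify_google_claims(claims, expected_client_id)
  # The token must come from Google and be issued for this application.
  return :wrong_issuer unless GOOGLE_ISSUERS.include?(claims['iss'])
  return :wrong_audience unless Array(claims['aud']).include?(expected_client_id)

  # Accept boolean true or the string "true"; anything else is unverified.
  return :email_unverified unless [true, 'true'].include?(claims['email_verified'])

  # The hd claim, not the email's domain part, marks a hosted-domain account.
  hd = claims['hd'].to_s.strip
  return :consumer_account if hd.empty?

  :hosted_domain_account
end

# Constructed placeholder values, not real credentials or accounts.
CLIENT_ID = 'example-client-id.apps.googleusercontent.com'
BASE = { 'iss' => 'https://accounts.google.com', 'aud' => CLIENT_ID,
         'email_verified' => true }.freeze

SAMPLE_CLAIMS = {
  # Hosted-domain account: hd is present.
  workspace_user: BASE.merge('email' => 'jsmith@acme.com', 'hd' => 'acme.com'),
  # Ordinary consumer account: no hd.
  gmail_user: BASE.merge('email' => 'jsmith@gmail.com'),
  # Consumer account registered with a non-Gmail address: same email as the
  # first sample, but no hd, so a domain-name check alone would accept it.
  consumer_custom_address: BASE.merge('email' => 'jsmith@acme.com'),
  # Token issued for a different client ID.
  other_app_token: BASE.merge('email' => 'a@acme.com', 'hd' => 'acme.com',
                              'aud' => 'someone-else.apps.googleusercontent.com')
}.freeze

SAMPLE_CLAIMS.each do |name, claims|
  puts "#{name}: #{classify_google_claims(claims, CLIENT_ID)}"
end
```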