
Grant access via Google OAuth only to those who have a business company mail address


I'd like to use Google's OAuth to authenticate users to an internal system. We use a business version of GMail. Means [email protected]. Now I'd like to grant access only to those who have an email within the company.

I didn't find a clue in the Java doc of Google's OAuth. Is this possible?


Solution

  • Suggest you use Google's OpenID Connect implementation.

    When you receive the Identity Token for the user, the contents will be similar to:

    {"iss":"accounts.google.com",
     "at_hash":"HK6E_P6.....DB1Q",
     "email_verified":"true",
     "sub":"10769150350006150715113082367",
     "azp":"1234987819200.apps.googleusercontent.com",
     "email":"[email protected]",
     "aud":"1234987819200.apps.googleusercontent.com",
     "iat":1353601026,
     "exp":1353604926,
     "hd":"example.com" }
    

    The email parameter will have the email address which you could use to determine the validity. The "hd" parameter is the domain name.

    You can try this with your domain. Go to https://developers.google.com/oauthplayground/ and select: Google OAuth2 API v2 then: https://www.googleapis.com/auth/userinfo.email

    Then "Authorize API", answer the "Request for Permissions"

    Then Select "Exchange Authorization code for tokens"

    Then do a GET on https://www.googleapis.com/oauth2/v2/userinfo (This will present the ID Token to the userinfo endpoint)

    The return would be similar to:

    {
      "family_name": "Example", 
      "name": "Bob Example", 
      "picture": "https://lh5.googleusercontent.com/-.....jpg", 
      "gender": "male", 
      "email": "[email protected]", 
      "link": "https://plus.google.com/+BobExample", 
      "given_name": "Bob", 
      "id": "117157805301848682081", 
      "hd": "example.com", 
      "verified_email": true
    }
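The answer above shows where the `hd` and `email`/`email_verified` claims appear but leaves the enforcement to the reader, and the claims are only trustworthy after the ID token's signature, issuer, audience and expiry have been verified. The following is an added example, not code from the question, the answer or Google; it models that verification order in Python so it runs offline. Google really signs ID tokens with RS256 keys published at its JWKS endpoint (in Java, `GoogleIdTokenVerifier` from the Google API client performs that step), so the HS256 shared secret here is an assumption standing in for the signature check; the client ID and domain are the ones in the answer's sample token, and `bob@example.com` is a constructed address for the sample user.

```python
import base64
import hashlib
import hmac
import json
import time

# Relying-party settings. Audience and domain are taken from the answer's sample
# token; in production pin your own OAuth client ID and Workspace domain.
EXPECTED_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}
EXPECTED_AUDIENCE = "1234987819200.apps.googleusercontent.com"
ALLOWED_HOSTED_DOMAIN = "example.com"

# Constructed stand-in for Google's RS256 signing key (assumption so this runs
# offline). The order of the checks below is what the example demonstrates.
DEMO_SECRET = b"constructed-demo-secret-not-a-google-key"


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_demo_id_token(claims, secret=DEMO_SECRET):
    """Build a compact JWT (header.payload.signature) to feed the verifier."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_workspace_id_token(token, secret=DEMO_SECRET, now=None):
    """Return the verified claims, or raise PermissionError with the reason."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise PermissionError("malformed token")
    header_b64, payload_b64, sig_b64 = parts

    # 1. Signature first: no claim is read before the token is known to be genuine.
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))

    # 2. Standard OIDC checks: issuer, audience (our own client ID), expiry.
    if claims.get("iss") not in EXPECTED_ISSUERS:
        raise PermissionError("unexpected issuer")
    if claims.get("aud") != EXPECTED_AUDIENCE:
        raise PermissionError("token was issued for a different client")
    if int(claims.get("exp", 0)) <= now:
        raise PermissionError("token expired")

    # 3. Domain restriction. Consumer @gmail.com accounts carry no `hd` at all, so
    #    a missing claim is a rejection, and the comparison is exact, not a suffix.
    if claims.get("hd") != ALLOWED_HOSTED_DOMAIN:
        raise PermissionError("account is not in the company domain")

    # 4. Only accept addresses Google has verified. The sample payload carries the
    #    value as the string "true", so both representations are accepted.
    if claims.get("email_verified") not in (True, "true"):
        raise PermissionError("email address not verified by Google")

    # 5. Defence in depth: the address itself must sit in the hosted domain.
    if not str(claims.get("email", "")).lower().endswith("@" + ALLOWED_HOSTED_DOMAIN):
        raise PermissionError("email domain does not match hd claim")
    return claims


def access_decision(token, now=None, secret=DEMO_SECRET):
    """Wrap the verifier into an (outcome, detail) pair for logging or tests."""
    try:
        return ("allow", verify_workspace_id_token(token, secret=secret, now=now)["email"])
    except PermissionError as exc:
        return ("deny", str(exc))


def demo_claims(**overrides):
    """Claims modelled on the answer's sample token; pass key=None to drop one."""
    base = {
        "iss": "accounts.google.com",
        "aud": EXPECTED_AUDIENCE,
        "email": "bob@example.com",  # constructed address for the sample user
        "email_verified": "true",
        "hd": ALLOWED_HOSTED_DOMAIN,
        "exp": 1353604926,
    }
    base.update(overrides)
    return {k: v for k, v in base.items() if v is not None}


if __name__ == "__main__":
    NOW = 1353601100  # a moment inside the sample token's validity window
    print("company user ->", access_decision(mint_demo_id_token(demo_claims()), now=NOW))
    print("no hd claim  ->", access_decision(mint_demo_id_token(demo_claims(hd=None)), now=NOW))
    print("re-signed    ->", access_decision(mint_demo_id_token(demo_claims(), secret=b"other"), now=NOW))
```

The point to carry over to a real deployment is the sequence: signature, then `iss`/`aud`/`exp`, then `hd` compared exactly against your domain, then `email_verified`. Checking only that the email ends in your domain, or reading `hd` from an unverified token, lets a token minted for another client or a look-alike hosted domain through.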