Tags: python, django, google-oauth, python-social-auth, django-socialauth

Google OAuth2 Whitelist, remove not authorized from list


I have a Django/python site and have set up Python Social Auth to allow for authentication with a google account, actually specific to my domain. We have a domain that is hosted through google accounts.

I have set the whitelist to only accept email accounts from my domain. That is working correctly. However, when I go to the authentication window it shows all of the google accounts I have - there are two gmail accounts that cannot authenticate due to the whitelist option, but the accounts still show. The user will not know they can't use the other accounts until they try and get a nasty error message "AuthForbidden: Your credentials aren't allowed."

Any way I can limit the list that they see to accounts that they can actually use? I have a coworker who set this up for a different website that runs on ColdFusion and he set the meta content headers to something for the whitelist and ran the login through javascript, which allowed him to specify the domain using scope and that did limit the accounts visible to only those of the specified domain.

Thanks in advance.

UPDATE: When I get redirected to the google auth page, I can add &hd=domain.com to the query string which limits the display. How can I force this variable to be set when redirected to this login page?


Solution

  • Found it.

    # settings.py: extra query parameters python-social-auth appends to the
    # Google authorization redirect
    SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS = {
        'hd': 'domain.com',         # pre-filter the account chooser to this hosted domain
        'access_type': 'online',    # keep the default online flow (see note below)
    }


    I had tried adding it to the source code, but when I opened my page it automatically logged me on, so I thought something was broken. Turns out, if you modify these arguments, it sets the access_type to offline by default, so it was automatically logging me on offline. I had to add 'access_type': 'online' to prevent this.
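An added example (my own code, not from the question, the answer, or python-social-auth) showing what the setting does and does not do: the extra arguments simply land in the Google redirect's query string, while the domain whitelist still has to be enforced server-side on the account Google actually returns, because hd only narrows the account chooser. The function names and the two settings constants are assumed; python-social-auth's own whitelist setting is SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS.

```python
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed settings (assumed names) mirroring the two settings discussed above.
# "domain.com" is the placeholder domain used in the question.
AUTH_EXTRA_ARGUMENTS = {"hd": "domain.com", "access_type": "online"}
WHITELISTED_DOMAINS = ["domain.com"]

GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"


def build_auth_url(client_id, redirect_uri, state, extra_args=AUTH_EXTRA_ARGUMENTS):
    """Build the authorization redirect, appending the extra arguments.

    'hd' only pre-filters Google's account chooser. It is a usability hint,
    not an access control: a user can still sign in with another account,
    so the whitelist check below must run regardless.
    """
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid email profile",
        "state": state,
    }
    params.update(extra_args)
    return GOOGLE_AUTH_ENDPOINT + "?" + urlencode(params)


def is_whitelisted(email, whitelisted_domains=WHITELISTED_DOMAINS):
    """Server-side check on the e-mail Google returns after the redirect.

    Compares the full domain part, so look-alike domains such as
    'domain.com.example' are rejected rather than prefix-matched.
    """
    if "@" not in email:
        return False
    domain = email.rsplit("@", 1)[1].lower()
    return domain in {d.lower() for d in whitelisted_domains}


def query_param(url, name):
    """Return a single query-string value from a built redirect URL."""
    return parse_qs(urlparse(url).query).get(name, [None])[0]
```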