I'm trying to implement google sign-in to my react SPA using their sign in with google for web API. I need a few pages to be internal use only which means login should only be possible for people with a certain domain "[email protected]". I see in the documentation I can add an "hd" field to get the domain back in the ID tokens payload, however, this doesn't help me. This is for the server flow and I'm trying to do this using the implicit flow. If I really need to I could implement the server flow but I'm trying to avoid it for now. Is it possible to limit domains access using the implicit flow? I'm very new to Oauth2, sorry if this is a dumb question.
Go to the Google Cloud console > OAuth consent screen > User type and make it Internal. The API has to be created from your organization account ([email protected]).