All geek questions in one place

How do I know if a google account is in a Google Apps domain?

I am working on an application that allows users to share their disc files with friends. But there is a problem with the Google App account, for example someone@somadomain.com , from which files cannot be transferred to people who are not in this domain. Although the sharing policy can be changed by the administrator of somedomain.com , but I prefer not to allow users to use my application with a Google Apps account.

I am also checking this message: How do I determine if my account is a Google Apps account? . But I do not agree with the idea of ​​checking the domain to determine the type of account. Because people can sign up for a Google account at any email address. I just registered it in my Hotmail, someone@hotmail.com , which has no domain restrictions when sharing a file.

Can anyone help with this? Thanks!

+6
source share
3 answers

Assuming you included:

 https://www.googleapis.com/auth/userinfo.email

in the OAuth area, you can make a request:

 https://www.googleapis.com/oauth2/v2/userinfo

If this is a Google Apps account, the "hd" (Hosted Domain?) Parameter will be returned by a call with the Google Apps domain as the value. If this is a user account, be it @ gmail.com or even a potential “conflicting account”, the hd parameter will not be returned. See my example below. admin@jay.powerposters.org is the Google Apps account, and consumer@jay.powerposters.org is the user account. If I created a user user in the Google Apps domain, it would become a conflicting account, and the consumer account would be pushed out of the @ jay.powerposters.org namespace, but this has not happened yet.

For admin@jay.powerposters.org :

 GET https://www.googleapis.com/oauth2/v2/userinfo HTTP/1.1 200 OK Content-length: 99 X-xss-protection: 1; mode=block ... { "email": " admin@jay.powerposters.org ", "verified_email": true, "hd": "jay.powerposters.org" }

For consumer@jay.powerposters.org :

 GET https://www.googleapis.com/oauth2/v2/userinfo HTTP/1.1 200 OK Content-length: 71 X-xss-protection: 1; mode=block { "email": " consumer@jay.powerposters.org ", "verified_email": true }
+10
source

I don’t think there is a good way to check if the account is a Google Apps account. The only way I think of is to check the DNS records of the MX domain and see if any domain service is served by Google Apps servers (for example, mail from gmail, etc.), but even there you may have to check more than one service, because some Google Apps companies deactivate Gmail, for example (or some other service), instead of using a custom solution.

If I were you, I wouldn’t turn off the service for Google Apps accounts (how unfair !! :)), many people bought a Google Apps account to have a beautiful email domain, and their account behaves just like any other google accounts ..

I would just try to set the ACL from the fils files publicly when you need it, and if that doesn't work, display them with a good error message warning them about their disabling admin sharing ... It won't be many users, and there were it would be too bad if your application were not accessible to other "normal" Google Apps accounts.

+2
source

Or check the domain using a service like BrowserSpy . If MX records are displayed correctly, they are used by Google Apps.

-2
source

Source: https://habr.com/ru/post/920662/

More articles:


All Articles