I am setting up Google sign in for a self hosted Answer instance. When I am testing Google sign in regardless of which google account I am testing with it is logging into the admin account I have set up, and when other people are using google sign in it is not creating accounts and have admin privelages. I have 3 allowed domains listed but signing in with google allows domains outside the allowed domains to log in, also into the admin account.
2 Answers
FYI, here is my configuration. Please continue to give me comments on how this configuration still has problems.
The Scope is https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/userinfo.profile,openid.
I'm sorry, after testing, I've determined that this is a bug and OAuth is not authenticated by restricted domains. We will fix this issue in the next release version.
Thank you! This has fixed a couple of issues. Now it is creating users whenever someone logs in with their google account. However it is still ignoring the restricted domains list I have set up in the login settings.
Fix in v1.1.0
@LinkinStar
@mthorsen
Is this fixed or not? Can Answer be limited to specific domains? I've seen this on many other apps.
This definitely does not do what I was hoping. We use other apps (Redash, Snipeit, Zammad, others) that we use an External Google project but the app limits the domains to those specified.
The Answer settings do not do this.
Maybe I'm misunderstanding how it is supposed to work.