Enable Google Login to accept logins from more than one hosted domain (aka GSuite domain)

Currently, the “google oauth2 hd” login setting can either be left blank (allowing login from any Gmail or GSuite/hosted domain account), can be set to * (allowing login from any GSuite/hosted domain account), or can be set to a single GSuite domain name (allowing login from accounts in one GSuite/hosted domain.) A fourth option – already supported by the underlying omniauth-google-oauth2 gem but not currently supported by Discourse – is to specify a list of hosted/GSuite domains (allowing logins from accounts in any one of the specified GSuite domains.)

In other systems, I’ve seen this done by allowing multiple domain names to be comma-delimited or space-delimited in the corresponding setting (google oauth2 hd at <discourse>/admin/site_settings/category/login.) An incomplete PR along these lines can be found at https://github.com/discourse/discourse/pull/6067

6 Likes

I’d like to second this feature request. Our school uses two different domains. One domain for students (alum.college.com) and one for faculty/staff (college.com). We’d like for both students and faculty to be able to log in to our Discourse forum using Google login. There are many colleges using a similar split domain system to separate students and faculty/staff email addresses.