Enable Google Login to accept logins from more than one hosted domain (aka GSuite domain)

Currently, the “google oauth2 hd” login setting can either be left blank (allowing login from any Gmail or GSuite/hosted domain account), can be set to * (allowing login from any GSuite/hosted domain account), or can be set to a single GSuite domain name (allowing login from accounts in one GSuite/hosted domain.) A fourth option – already supported by the underlying omniauth-google-oauth2 gem but not currently supported by Discourse – is to specify a list of hosted/GSuite domains (allowing logins from accounts in any one of the specified GSuite domains.)

In other systems, I’ve seen this done by allowing multiple domain names to be comma-delimited or space-delimited in the corresponding setting (google oauth2 hd at <discourse>/admin/site_settings/category/login.) An incomplete PR along these lines can be found at https://github.com/discourse/discourse/pull/6067

6 Likes