[FIXED] How to restrict access with google oauth to one specific domain

Issue

So I am trying to create restricted access to one specific domain, because I want to use this application privately.

I browsed on the internet and tried some solutions, but so far I just can't get them to work.

My code looks as follow:

from flask import Flask, redirect, url_for, session, request, jsonify,render_template
from flask_oauthlib.client import OAuth
from bs4 import BeautifulSoup
app = Flask(__name__)

app.config['GOOGLE_ID'] = ""
app.config['GOOGLE_SECRET'] = ""
app.debug = True
app.secret_key = 'development'
oauth = OAuth(app)

google = oauth.remote_app(
    'google',
    consumer_key=app.config.get('GOOGLE_ID'),
    consumer_secret=app.config.get('GOOGLE_SECRET'),
    request_token_params={
        'scope': 'email',
        'hd': 'exampledomain.com'
    },
    base_url='https://www.googleapis.com/oauth2/v1/',
    request_token_url=None,
    access_token_method='POST',
    access_token_url='https://accounts.google.com/o/oauth2/token',
    authorize_url='https://accounts.google.com/o/oauth2/auth',
)

@app.route('/')
def index():
    return redirect(url_for('login'))

@app.route('/login')
def login():
    return google.authorize(callback=url_for('authorized', _external=True))


@app.route('/logout')
def logout():
    session.pop('google_token', None)
    return redirect(url_for('index'))


@app.route('/login/authorized')
def authorized():
    resp = google.authorized_response()
    if resp is None:
        return 'Access denied: reason=%s error=%s' % (
            request.args['error_reason'],
            request.args['error_description']
        )
    session['google_token'] = (resp['access_token'], '')
    return render_template('index.html')


@google.tokengetter
def get_google_oauth_token():
    return session.get('google_token')

I tried it with hd, but I can still manage to login with the other domains. So how can I manage to restrict the access to one domain?

Solution

Had to search for a while, but found my solution on the following github: https://github.com/vistarmedia/google_oauth_flask

The code over there actually was the solution and it worked flawless.

I recommend to use Flask-Dance instead of the solution above, more information can be found over here: https://flask-dance.readthedocs.io/en/latest/

Answered By - Solaiman