Can OAuth via Google be limited to a Domain?

I am considering using Grav for a company intranet. We currently use Google Apps for everything, and so I am really excited that Grav supports “Sign in with Google”. However, I would need to be able to configure it to only allow users to authenticate that had an email address belonging to our email domain.

I haven’t looked into the plugin code yet, but the docs didn’t mention this as a feature. I’m sure I could do it with some creative PHP, but i’d rather not mess around with it if there is a built in way, or a better way. Anyone have any input?



Right now the oauth capability is coded into the login plugin but we are discussing breaking this out into a plugin that enhances login. This would also mean you could more easily fork or create your own authentication plugin.

Thanks for the reply. I’ll stay tuned. In the meantime I may build something that can intercept a login request, and just do email domain validation in php before submitting to google.

Joshua, did you happen to develop your own solution for this? I’m also looking for Google Authentication with domain filtering.


Please add this request to the soon-to-be-release Oauth plugin:

Will do, thanks!

Hi, correct me if I’m wrong: the recently added whitelisting option effectively allows to restrict access to a specific domain?