dankelleher
commented
4 years ago I have a possibly simpler fix which uses the Get Members Google Directory API call instead of hasMembers:
Open 3sGgpQ8H opened 4 years ago
dankelleher
commented
4 years ago I have a possibly simpler fix which uses the Get Members Google Directory API call instead of hasMembers:
Google OAuth 2.0 authentication could be used to authenticate Google user from any domain, including Google's own
gmail.com. One just need to omithd=...parameter in OAuth query.Google group, created in particular domain, may contain emails from arbitrary domains, even not hosted by Google.
However, hasMember method, used by Google Groups authorization code may check group membership only for users of current GSuite domain. This means, that Google Groups authorization is not currently able to authorize
@gmail.comaccounts and accounts of any Google user from domains other than current GSuite domain.Alternative solution would be to user list that returns all email in Google group, even those, that don't belong to the users of current GSuite domain or to any Google account.
This alternative solution would be less efficient, so it is worth to support both approaches and use one or another depending on user's email domain.