[Feature Request] Restrict OpenID Connect Authentication Provider to specified hosted Domain

[cleverer]

• Gitea version (or commit ref): e87c540
• Git version: 2.15.2
• Operating system: Docker
• Database (use [x]):
  • [ ] PostgreSQL
  • [x] MySQL
  • [ ] MSSQL
  • [ ] SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • [ ] Yes (provide example URL)
  • [ ] No
  • [x] Not relevant
• Log gist:

Description

We would like to be able to restrict the OpenID Connect Authentication Source to a specific Domain, to only allow the users in our g suite to log in. This would be possible by implementing a check on the hd (hostedDomain) property.

https://developers.google.com/identity/work/it-apps

[tvvignesh]

@techknowlogick @cleverer Hi. Any updates on this? Currently we are able to register with any domain. Would like to restrict it to our org domain alone.

[cleverer]

@tvvignesh I don't think any progress has been made on this… I am now using the API to create users automatically instead of directly linking them to G-Suite. Also, check the last point of the doc (sudo) which seems to be necessary to achieve full functionality.