Is there an option to allow individual mail addresses?

[yarons]

Hi, I wanted to know if there's any option to select individual mail addresses instead of a whole domain or vice versa: Excluding individuals from my own domain.

Thank you.

[puiterwijk]

This is not possible with the OIDC_GOOGLE_APPS_DOMAIN option, since this is enforced at both Google and flask-oidc. Flask-OIDC currently doesn't have code to deal with allowed email addresses otherwise, so I'd say that you would need to handle that at your application. However, if you'd be interested, I could add an "authorization callback" where you would implement your own function to return True or False. Another way could be to allow requiring specific values for attributes.

Do you have a preference for leaving the filtering to the application or flask-oidc?

[yarons]

I think having such a feature on OIDC would benefit for additional features other than individual auth, am I correct?

[puiterwijk]

Yeah, I think that's a reasonable idea. I'll try to see if I can hack something up in the coming weekend.

[yarons]

You're the best, thank you!