Hi all,
I’m trying to figure out a way to use oauth logins (Facebook, Twitter, etc) with a beta invite system. In other words, I invite somebody via email, they click a link, create an account with the mechanism of their choice (including accounts-password), and then can login like normal with accounts-ui. BUT, of course, uninvited users shouldn’t be able to login with an oauth service!
It appears that there is no way (at least, without hacking some core packages) to capture a given oauth service’s login process so that I could see if a prospective user has been approved. Even if there was, it would still require the user to actually give the service permission, and THEN my app would potentially deny them—not a very nice user experience.
So is this just not done? Admittedly I don’t think I’ve seen it done. But it seems like there must be a way, right? It’s too valuable of an approach!