How to use oauth logins with a beta invite system?

Hi all,

I’m trying to figure out a way to use oauth logins (Facebook, Twitter, etc) with a beta invite system. In other words, I invite somebody via email, they click a link, create an account with the mechanism of their choice (including accounts-password), and then can login like normal with accounts-ui. BUT, of course, uninvited users shouldn’t be able to login with an oauth service!

It appears that there is no way (at least, without hacking some core packages) to capture a given oauth service’s login process so that I could see if a prospective user has been approved. Even if there was, it would still require the user to actually give the service permission, and THEN my app would potentially deny them—not a very nice user experience.

So is this just not done? Admittedly I don’t think I’ve seen it done. But it seems like there must be a way, right? It’s too valuable of an approach!

I just POC’d this:

Accounts.validateLoginAttempt(function(attempt) {
	var user = Meteor.users.findOne(attempt.user._id);
	if(user.betaAllowed) return true;
	else {
		// TODO: delete newly created user record
		return false;

This works! But the only thing that’s missing is a way to “pass in” a value that says “it’s ok, this login should be approved, and the betaAllowed field added to their user record.” Still researching, but not sure the best way to do that. A method doesn’t help because validateLoginAttempt is going to be called independently. Ideally I’d somehow pass an extra field through the attempt parameter…