[SOLVED] Restricting OAuth User Login


#1

I’m creating a simple app for my team. We use Azure Active Directory internally which I have configured and working with my Meteor app. However, I don’t want everyone in the company to be able to access the app. My understanding is that a new user is created on first login. Ideally, the admin (me) would add users within the app, the oauth flow would run but only allow access if the user existed in the User collection.

Any ideas on how to solve this?


#2

depends how you configured meteor to work with AD

with https://atmospherejs.com/typ/accounts-ldap you have LDAP_DEFAULTS.createNewUser option


#3

Hmm I didn’t think about trying a different library. I’m using accounts-azure-active-directory.

I was more wondering if there is something with the oauth or accounts packages.


#4

I found a solution which is working. Looking at accounts-base, the function updateOrCreateUserFromExternalService simply checks for an existing id within the relevant service in the user record. I’ve just add that to my admin, user creation form then throw an exception in onCreateUser when called via an oauth login.

Maybe a little jank, but it works for my purposes.